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(54) System and method for processing protected data 



(57) A secure appplicatron module (SAM) receives 
a secure container in which content data encrypted with 
content l<ey data, the encrypted content key data, and 
usage control policy (UCP) data designating a handling 



policy of the content data are stored, and determines at 
least one of the purchase mode and the usage mode of 
the content data based on the UCP data. The SAM 
serves as a slave for a host CPU, and is also provided 
with a common memory shared with the host CPU. 
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Description 



[0001] The present invention relates to a data 
proceising apparatus and system P^orm^^ 
orocessinq for provided content data, and a data 
Z^S^rr^e^y^o^W such an apparatus and asyster.. 
mo02] A data providing system for distributing en- 
Upted content data to data processing 

users Who have made a predetem^ined -on^^^^^l^l 
enablinqthedataprocessingapparatusestodecodethe 

comSata andto read and record it is available^ One 
typTot such data providing systems is a conven^onal 
electronic music distribution (EMD) system for d.stnbut- 

Xr^F^ 106 is a schematic diagram Illustrating a 
Snventio?a. EMD system 700, In the EMD system 70a 
content providers 701a and 701b encrypt content data 
?04a 704b, and 704c, and copyright infomiat,on 705a, 
705b, and 705c by using session key data obta.ned after 
performing mutual authentication, and then prov.de the 

encrypted data to a service provider 710 o"""- 
"ne^he copyright infom^ation 705a, 705b, and 705c 
may include serial copy management system (SCMS) 
inton^atlon, digital watermark '"f^-f 
ding copyright infomiation into the content data and m 
TL^Z for embedding copyright information mto 
transmission protocols of the service provider 71 0 
m004T TheLrvtaeprovider710decodesthereceN^ 

SntSt data 704a. 704b. and ^040. and the cop^^^^^^^^ 
information 705a, 705b, and 705c by the use of the ses 

l^O^OsTTt service provider 710 then embeds t,e 
copyright information 705a. 705b. and 705c ,rrto the de^ 
coded content data 704a. 704b. and 704c which have 
been received online or offline so as to create co"te"t 
data 707a 707b, and 707c. In this case, as part of the 
coSright -nformation 704a. 704b. and 704c, the sen|.ce 
DroSr710 embeds the digital watemaark mfomiat.on 
into S content data 704a, 704b. and 704c by changing 
predetermined frequency domains, and ernbeds^^^^^^^ 
SCMS information into network protocols usedfortrans- 
Sfgtl content data 704a, 704b,and704c to theus- 

[00061 The sen^ice provider 710 also er^cryp^ the 
Ltemdata707a,707b.and707cbyus^gcontem^ 

data Kca. Kcb. and Kcc, respectively, read ^om a key 
database 706. Subsequently, the servce P^ovder 710 
encrypts a secure container 722. which stores the en- 
Tn^pTe^content data 707a. 707b. and 707c, by using 
session key data obtained after perfomiing mutual au- 
theTcation and sends the encrypted secure container 
722 to a conditional access (CA) module 711 stored in 
a terminal device 709 of the user. 
?O0oT The CA module 711 decodes the secure con- 
ainer 722 by using the session key data. The CA mod^ 
1 alsoLeives the content key data Kca. Kcb and 
kI from the key database 706 of the sewice provider 
710 by using an accounting function, such as an elec- 



tronic settlement system or a CA, and decodes^ by us 
ing the session key data. This ^nab es the tenjmal de 
vice 709 to decode the content data 707a 707b and 
707C by using the content key data Kca. Kcb. and Kcc. 

' Sri'e CA module 711 performs accounting 
orocessing for each content so as to generate account- 
SigTtoration 721 , and encrypts it by using the session 
key data and sends it to a rights processing module 720 

'° Prrt&"cA module 711 performs the 

processing on the items concerning the services prov.d^ 
Lby the servlceprovider710, in otherwords.the Items 

to be managed by the service Provider 710 such ^ us- 
15 er-s contract (renewal) infom^ation. «>"e^^'°7^ J^^^^, 
ample a monthly basic fee incurred by using a network. 
Soun«ng processing for each content, and ensuring 
the security of the physical layer of the network 
[00101 upon receiving the accounting informaUon 721 
20 L the CA module 711 . the service provider 710 d.s^ 
tLtes the profits between the sen/ice provider 7 0 and 
'the content providers 701a, 701b. and 701c. In th^ 
case theprofitsaredistributedfromtheserviceprovider 
710 to the' content providers 701a. 701b. and 7 1c via 
2S an intermediary, for example, th-Japanese Soc.e^^o 
Riahts of Authors. Composers and Publishers (JAS 
RaST JASRAC also distributes the profits of the content 
proviers 701a, 701b. and 701c to the copyright holder 
'heTrtist. the composer, the writer, and the production 
30 company of the content data, etc. 

[0011] in recording the content data 707a, 707b. and 
707C decoded with the content key data Kca Kcb and 
Kcc respectively, on a recording medium 723, such as 
aTandom acces'; memory (RAM), the terminal devij 
35 709performscopycontrolbyoven«ntingtheSCMSb.te 

of the copyright information 705a. 705b. and 705a Tha^ 
is the user performs copy control based on the SCMS 
biif en'Sedd'ed Into the content data 707a, 707b, and 
707c thereby implementing copyright protection. 
40 [0012] The SCMS prohibits the copying opera^on of 
L content data, for example, for two or more genera-. 
ionXpy free . but allows unlimited one-generation 
Copying (ipy oU. and Is thus insufficient for copy- 

Srtthe" above-described EMD system 700 n is 
necessary for the content provider 701 to monrtor the 
Son of the service provider 710, who ,s techncally 
Se to t-ly handle the unencrypted con^nt data, a d 
the profit of the content providers 701 a. 701 b, and 701c 
50 may be unfairly 5 exploited. ^iffi 
moi41 Additionally, in the EMD system 700. 1 is diffi- 
cuft to restrictillegalactions of the users temilnal device 
709 such as authoringthe content data distributed from 
the semce provider 710 and re-distributing itto another 
55 To ter^inardevice. thereby aiso unfairly exp.o t.ng he 
nroflts of the content providers 701a. 701b, and 701 c. 
K Accordingly, in addressing the aforementioned 
problems inherent in the related art, it is an aim of at 
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least an embodiment of the present invention to provide 
a 15 data processing apparatus, a data processing sys- 
tem, and a data processing method therefor, for suitably 
protecting the profits of a content-rights holder, such as 
a content provider. 

[0016] • It is another aim to provide a data processing 
20 apparatus, a data processing system, and a data 
processing method therefor, for reducing a load for pro- 
tecting the profits of a content- rights holder, such as a 
content provider. 

[0017] According to one aspect of the present inven- 
tion, there is provided a data processing apparatus for 

perfomning rights processing of content data encrypted 
with content key data based on usage control policy 
(UCP) data, and for decrypting the encrypted content 
key data. The data processing apparatus include within 
a tamper-resistant circuit module: a first bus; an arith- 
metic processing circuit connected to the first bus, for 
performing the rights processing of the content data 
based on the UCP data; a storage circuit connected to 
the first bus; a second bus; a first Interface circuit inter- 
posed between the first bus and the second bus; an en- 
cryption processing circuit connectedto the second bus, 
for decrypting the content key data; and an external bus 
interface circuit connected to the second bus. 
[0018] According to the aforementioned data 
processing apparatus, content data, corresponding 
content key data, and corresponding UCP data are dis- 
tributed, and also, license key data for decrypting the 
content key data is distributed. The license key data is 
stored, for example, in the above-described storage cir- 
cuit. 

[0019] Then, In response to an Instruction to perform 
rights processing from an external arithmetic processing 
apparatus via the external bus interface circuit, the 
rights processing of the content data based on the UCP 
data is executed In the aforementioned arithmetic 
processing circuit. Thereafter, the content key data Is 
decrypted in the arithmetic processing circuit by using 
the license key data read from the storage circuit. 
[0020] The aforementioned data processing appara- 
tus performs mutual authentication with another decod- 
ing apparatus, and encrypts the decrypted content key 
data and content data by using the session key data ob- 
tained by mutual authentication, and sends them to the 
decoding apparatus. 

[0021] In the aforementioned data processing appa- 
ratus may further include a second interface circuit with- 
in the tamper-resistant circuit module. The first bus may 
include a third bus connected to the arithmetic process- 
ing circuit and the storage circuit, and a fourth bus con- 
nected to the first interface circuit, and the second inter- 
face circuit may be interposed between thethird bus and 
the fourth bus. 

[0022] The aforementioned data processing appara- 
tus may further Include within the tamper.-reslstant cir- 
cuit module: a fifth bus; a third interface circuit connect- 
ed to the fifth bus, for performing communication with a 



data processing circuit having an authentication func- 
tion which is loaded on one of a recording medium and 
an integrated circuit card; and a fourth interface circuit 
interposed between the fourth bus and the fifth bus. 
5 [0023] In the aforementioned data processing appa- 
ratus, the encryption processing circuit may include a 
public-key encryption circuit and a common-key encryp- 
tion circuit. 

[0024] In the aforementioned data processing appa- 
10 ratus, the storage circuit may store private key data of 
the data processing apparatus and public key data of a 
second data processing apparatus. The public-key en- 
cryption circuit may verify the Integrity of signature data, 
which verifies the Integrity of the content data, the con- 
15 tent key data, and the UCP data, by using the corre- 
sponding public key data. When recording the content 
data, the content key data, and the UCP data on a re- 
cording medium or when sending them to the second 
data processing apparatus, the public-key encryption 
20 circuit may create signature data, which verifies the in- 
tegrity of the content data, the content key data, and the 
UCP data, by using the private key data. The common- 
key encryption circuit may decrypt the content key data, 
and when sending the content data, the content key da- 
25 ta, and the UCP data to the second data processing ap- 
paratus online, the common-key encryption circuit may 
encrypt and decrypt the content data, the content key 
data, and the UCP data by using session key data ob- 
tained by performing mutual authentication with the see- 
so ond data processing apparatus. 

[0025] The aforementioned data processing appara- 
tus may further include a hash-value generating circuit 
within the tamper-resistant circuit module, for generat- 
ing hash values of the content data, the content key data 
55 and the UCP data. The public-key encryption circuit may 
verify the integrity of the signature data and may create 
the signature data by using the hash values. 
[0026] The aforementioned data processing appara- 
tus may further include a random-number generating 
40 circuit within the tamper-resistant circuit module. The 
random-number generating circuit may be connected to 
the second bus, for generating a random number for 
performing mutual authentication with the second data 
processing apparatus when sending the content data, 
45 the content key data, and the UCP data to the second 
data processing apparatus online. 
[0027] In the aforementioned data processing appa- 
ratus, the external bus Interface circuit may be connect- 
ed to an external storage circuit for storing at least one 
50 of the content data, the content key data, and the UCP 
data. 

[0028] The data processing apparatus may further in- 
clude a storage-circuit control circuit for controlling ac- 
cess to the storage circuit and access to the external 
55 storage circuit via the external bus interface circuit in 
accordance with a command from the arithmetic 
processing circuit. 

[0029] In the aforementioned data processing appa- 
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ratus, the external bus interface circuit may be connect- 
ed to a host arithmetic processing apparatus for central- 
ly controlling a system on which the data processing ap- 
paratus is loaded. 

[0030] The aforementioned data processing appara- 
tus may further include a storage management circuit 
for managing an address space of the storage circuit 
and an address space of the external storage circuit. 
[0031] In the aforementioned data processing appa- 
ratus, the arithmetic processing circuit may determine 
at least one of a purchase mode and a usage mode of 
the content data based on a handling policy indicated 
by the UCP data, and may create log data indicating a 
result of the determined mode. 

[0032] In the aforementioned data processing appa- 
ratus, atter detemriining the purchase mode, the arith- 
metic processing circuit may create usage control status 
data in accordance with the determined purchase mode, 
and may conlrol ihe use of the content data based on 
the usage contiol status data. 

[0033] In the aforementioned data processing appa- 
ratus, in recording the content data, for which the pur- 
chase mode is detemnined. on a recording medium, the 
common-key encryption circuit may encrypt the content 
key data and the usage control status data by using me- 
dium key data corresponding to the recording medium. 
[0034] In the aforementioned data processing appa- 
ratus, the content key data may be encrypted with li- 
cense key data having an effective period. The storage 
circuit may store the license key data. The data process- 
ing apparatus may further include a real time clock for 
generating real time. The arithmetic processing circuit 
may read the effective license key data from the storage 
circuit based on the real time indicated by the real time 
clock. The common-key encryption circuit may decrypt 
the content key data by using the read license key data. 
[0035] In the data processing apparatus, the storage 
circuit may write and erase data in units of blocks. The 
data processing apparatus may include within the 
tamper-resistant circuit module, a write-lock control cir- 
cuit for controlling the writing and erasing of the data 
into and from the storage circuit in units of blocks under 
the control of the arithmetic processing circuit. 
[0036] According to another aspect of the present in- 
vention, there Is provided a data processing apparatus 
for performing rights processing of content data encrypt- 
ed with content key data based on UCP data, and for 
decrypting the encrypted content key data. The data 
processing apparatus includes within a tamper-resistant 
circuit module: a first bus; an arithmetic processing cir- 
cuit connected to the first bus, for perfomning the rights 
processing of the content data based on the UCP data; 
a storage circuit connected to the first bus; a second 
bus; an interface circuit interposed between the first bus 
and the second bus; an encryption processing circuit 
connected to the second bus, for decrypting the content 
key data; and an external bus interface circuit connected 
to the second bus. Upon receiving an interrupt from an 



external circuit via the external bus interface circuit, the 
arithmetic processing circuit becomes a slave forthe ex- 
ternal circuit so as to perform processing designated by 
the Interrupt, and reports a result of the processing to 

5 the external circuit. 

[0037] In the aforementioned data processing appa- 
ratus, the arithmetic processing circuit may report the 
result of the processing by outputting an interrupt to the 
external circuit. 

10 [0038] Inithe aforementioned data processing appa- 
ratus, the external bus interface may include a common 
memory for the arithmetic processing circuit and the ex- 
ternal circuit. The arithmetic processing circuit may write 
the result of the processing into the common memory. 

15 The external circuit may obtain the result of the process- 
ing by polling. 

[0039] In the aforementioned data processing appa- 
ratus, the external bus interface may include: a first sta- 
tus register indicating an execution status of the 

20 processing requested from the external circuit in the 
arithmetic processing circuit, and including a flag set by 
the arithmetic processing circuit and read by the exter- 
nal circuit; a second status register indicating whether 
the external circuit has requested the arithmetic 

25 processing circuit to perform processing, and including 
a flag set by the external circuit and read by the arith- 
metic processing circuit; and the common memory for 
storing a result of the processing. 
[0040] In the aforementioned data processing appa- 

30 ratus, the storage circuit may store an interrupt program 
describing the processing designated by the interrupt, 
and the arithmetic processing circuit may perform the 
processingby executing the interrupt program read from 
the storage circuit. 

35 [0041] In the data processing apparatus, the storage 
circuit may store a plurality of the interrupt programs, 
and a plurality of sub-routines to be read when executing 
the interrupt program. The arithmetic processing circuit 
may appropriately read and execute the sub-routines 

40 from the storage circuit when executing the interrupt 
program read from the storage circuit. 
[0042] According to another aspect of the present in- 
vention, there is provided a data processing system in- 
cluding: an arithmetic processing apparatus, for execut- 
es ing a predetemrilned program and for outputting an In- 
terrupt according to a predetermined condition by serv- 
ing as a master; and a data processing apparatus, for 
performing predetermined processing in response to 
the interrupt from the arithmetic processing apparatus 

50 by serving as a slave for the arithmetic processing ap- 
paratus, and for reporting a result of the processing to 
the arithmetic processing apparatus. The data process- 
ing apparatus may include within a tamper-resistant cir- 
cuit module: a determining unit for determining at least 
55 one of a purchase mode and a usage mode of content 
data based on a handling policy indicated by the UCP 
data; a log data generator for generating log data indi- 
cating a result of the detemnined mode; and a decryption 
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unit for decrypting the content key data. 
[0043] In the aforementioned data processing sys- 
tenn, upon receiving the interrupt indicating an inten^upt 
type, the arithmetic processing apparatus may output to 
the data processing apparatus an interrupt indicating an 
instruction to execute an internjpt routine corresponding 
to the interrupt type. The data processing apparatus 
may execute the interrupt routine corresponding to the 
interrupt type of the interrupt received from the arithme- 
tic processing apparatus. 

[0044] In the aforementioned data processing sys- 
tem, the data processing apparatus may report a result 
of the processing by outputting an interrupt to the arith- 
metic processing apparatus. 

[0045] In the aforementioned data processing sys- 
tem, the data processing apparatus may include a com- 
mon memory which is accessible by the data processing 
apparatus and the arithmetic processing apparatus. The 
arilhmelic processing apparatus may obtain the result 
of the processing by accessing the common memory 
through polling. 

[0046] In the aforementioned data processing sys- 
tem, the data processing apparatus may include a first 
status register indicating an execution status of the 
processing requested from the arithmetic processing 
apparatus, and including a flag read by the arithmetic 
processing apparatus; a second status register Indicat- 
ing whether the arithmetic processing apparatus has re- 
quested the data processing apparatus to perform 
processing by the interrupt, and including a flag set by 
the arithmetic processing apparatus; and the common 
memory for storing a result of the processing, 
[0047] The aforementioned data processing system 
may further include a bus for connecting the arithmetic 
processing apparatus and the data processing appara- 
tus. 

[0048] In the aforementioned data processing sys- 
tem, the data processing apparatus may enter a low 
power state after completing the execution of one of an 
initial program and the interrupt routine. 
[0049] In the aforementioned data processing sys- 
tem, based on the interrupt received from the arithmetic 
processing apparatus, the data processing apparatus 
may execute the interrupt routine in accordance with at 
least one of processing for determining one of the pur- 
chase mode and the usage mode of the content data, 
processing for reproducing the content data, and 
processing for downloading the data frorn a certifying 
authority. \ 
[0050] In the aforementioned data processing sys- 
tem, the arithmetic processing apparatus ;may execute 
a prGdctormincd user program. 

[0051] According to afurther aspect of the present in- 
vention, there is provided a data processing system in 
which content data provided by a data providing appa- 
ratus is received from a data distribution apparatus, and 
is managed by a management apparatus. The data 
processing system Includes: a first processing module 



for receiving from the data distribution apparatus a mod- 
ule In which content data encrypted with content key da- 
ta, the encrypted content key data, UCP data Indicating 
a handling policy of the content data, and price data for 

5 the content data determined by the data distribution ap- 
paratus are stored, and for decrypting the received mod- 
ule by using common key data, and for performing ac- 
counting processing for a distribution service of the 
module by the data distribution apparatus. An arithmetic 

10 processing apparatus executes a predetermined pro- 
gram and outputs an interrupt according to a predeter- 
mined condition by sending as a master. A data process- 
ing apparatus performs predetennlned processing in re- 
sponse to the interrupt from the arithmetic processing 

15 apparatus by serving as a slave for the arithmetic 
processing apparatus, and reports a result of the 
processing to the arithmetic processing apparatus. The 
data processing apparatus includes within a tamper-re- 
sistant circuit module; a determining unit for determining 

^0 at least one of a purchase mode and a usage mode of 
the content data based on the handling policy indicated 
by the UCP data stored in the received module. A log 
data generator generates log data indicating a result of 
the determined mode. An output unit outputs the price 

25 data and the log data to the management apparatus 
when the purchase mode of the content data is deter- 
mined. A decryption unit decrypts the content key data. 
[0052] According to a yet further aspect of the present 
invention, there is provided a data processing system 

30 including: an arithmetic processing apparatus for exe- 
cuting a predetermined program and for outputting an 
interrupt according to a predetermined condition by 
serving as a master; a first tamper-resistant data 
processing apparatus for performing rights processing 

35 of content data encrypted with content key data In re- 
sponse to the interrupt from the arithmetic processing 
apparatus by serving as a slave for the arithmetic 
processing apparatus, and for reporting a result of the 
processing to the arithmetic processing apparatus. A 

40 second tamper-resistant data processing apparatus de- 
crypts the content data by using the content key data 
obtained by performing mutual authentication with the 
first tamper-resistant data processing apparatus and 
compresses or decompresses the content data in re- 

45 sponse to the interrupt from the arithmetic processing 
apparatus or the first tamper-resistant data processing 
apparatus by serving as a slave for the arithmetic 
processing apparatus or the first tamper-resistant data 
processing apparatus. 

50 [0053] The aforementioned data processing system 
may further include a bus for connecting the arithmetic 
processing apparatus, the first tamper-resistant data 
processing apparatus, and the second tamper-resistant 
data processing apparatus. 

55 [0054] According to a further aspect of the present in- 
vention, there is provided a data processing system in- 
cluding: an arithmetic processing apparatus for execut- 
ing a predetermined program and for outputting an in- 
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terrupt according to a predetermined condition by serv- 
ing as a master. Af irst tamper-resistant data processing 
apparatus performs rights processing of content data 
encrypted with content key data in response to the in- 
terrupt from the arithmetic processing apparatus by 
serving as a slave for the arithmetic processing appara- 
tus, and reports a result of the processing to the arith- 
metic processing apparatus. A second tamper- resistant 
data processing apparatus performs mutual authentica- 
tion with the arithmetic processing apparatus and reads 
and writes the content data from and into a recording 
medium in response to the interrupt output from the 
arithmetic processing apparatus. 
[0055] In the aforementioned data processing sys- 
tem, the second tamper-resistant processing apparatus 
may decrypt and encrypt the content data by using me- 
dium key data corresponding to the recording medium. 
[0056] In the aforementioned data processing sys- 
tem, when the recording medium is provided with a 
processing circuit having a mutual authentication func- 
tion, the second tamper-resistant processing apparatus 
may perform mutual authentication with the processing 
circuit. 

[0057] According to a further aspect of the present in- 
vention, there Is provided a data processing system in- 
cluding: an arithmetic processing apparatus for execut- 
ing a predetemnined program and for outputting an in- 
terrupt according to a predetemnined condition by serv- 
ing as a master. A first tamper-resistant data processing 
apparatus performs mutual authentication with the arith- 
metic processing apparatus and reads and writes con- 
tent data from and into a recording medium in response 
to the interrupt from the arithmetic processing appara- 
tus. A second tamper-resistant data processing appa- 
ratus decrypts the content data by using content key da- 
ta and compresses or decompresses the content data 
in response to the interrupt from the arithmetic process- 
ing apparatus by serving as a slave for the arithmetic 
processing apparatus. 

[0058] The aforementioned data processing system 
may further include a storage circuit for temporarily stor- 
ing the content data read from the recording medium by 
the first tamper-resistant data processing apparatus, 
and outputs the stored content data to the second 
tamper-resistant data processing apparatus. 
[0059] In the aforementioned data processing sys- 
tem, the storage circuit may utilize part of a storage area 
of an ant i -vibration storage circuit. 
[0060] The aforementioned data processing system 
may further include a third tamper-resistant data 
processing apparatus for performing rights processing 
of the content data encrypted with the content key data 
In response to the interrupt from the arithmetic process- 
ing apparatus by serving as a slave for the arithmetic 
processing apparatus, and for reporting a result of the 
processing to the arithmetic processing apparatus. 
[0061] According to a further aspect of the present in- 
vention, there is provided a data processing method us- 



ing an arithmetic processing apparatus and a data 
processing. apparatus. The data processing method in- 
cludes the steps of: executing, in the arithmetic process- 
ing apparatus, a predetermined program and outputting 
5 an interrupt according to a predetemnined condition by 
serving as a master; and determining, in the data 
processing apparatus, at least one of a purchase mode 
and a usage mode of content data based on a handling 
policy of UCP data, creating log data Indicating a result 
of the determined mode, and decrypting content key da- 
ta, within a tamper-resistant circuit module In response 
to the Interrupt from the arithmetic processing apparatus 
by serving as a slave for the arithmetic processing ap- 
paratus. 

15 [0062] According to another aspect of the present in- 
vention, there is provided a data processing method us- 
ing an arithmetic processing apparatus, a first data 
processing apparatus, and a second data processing 
apparatus. The data processing method includes the 

20 steps of: executing, in the arithmetic processing appa- 
ratus, a predetermined program and outputting an inter- 
rupt according to a predetermined condition by serving 
as a master; perfonning, in the first data processing ap- 
paratus, rights processing of content data encrypted 

25 with content key data within a tamper- resistant module 
in response to the interrupt from the arithmetic process- 
ing apparatus by serving as a slave for the arithmetic 
processing apparatus, and reporting a result of the 
processing to the arithmetic processing apparatus; and 

30 decrypting, in the second data processing apparatus, 
the content data by using the content key data obtained 
by performing mutual authentication with the first data 
processing apparatus and compressing or decompress- 
ing the content data within a tamper- resistant module in 

35 response to the interrupt from the arithmetic processing 
apparatus or the first data processing apparatus by 
serving as a slave for the arithmetic processing appara- 
tus or the first data processing apparatus. 
[0063] According to still another aspect of the present 

40 invention, there is provided a data processing method 
using an arithmetic processing apparatus, a first data 
processing apparatus, and a second data processing 
apparatus. The data processing method includes the 
steps of: executing, in the arithmetic processing appa- 
ls ratus, a predetermined program and outputting an Inter- 
rupt according to a predetermined condition by serving 
as a master; performing, in the first data processing ap- 
paratus, rights processing of content data encrypted 
with content key data within a tamper- resistant module 

50 in response to the Interrupt from the arithmetic process- 
ing apparatus by serving as a slave for the arithmetic 
processing apparatus, and reporting a result of the 
processing to the arithmetic processing apparatus; and 
performing, In the second data processing apparatus, 

55 mutual authentication with the arithmetic processing ap- 
paratus, and reading and writing the content data from 
and into a recording medium within a tamper-resistant 
module in response to the interrupt from the arithmetic 
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processing apparatus. 

[0064] According to a further aspect of the present in- 
vention, there is provided a data processing nnethod us- 
ing an arithmetic processing apparatus, a first data 
processing apparatus, and a second data processing 
apparatus. The data processing nnethod includes the 
steps of: executing, In the arithmetic processing appa- 
ratus, a predeternnined progrann and outputting an inter- 
rupt according to a predeternnined condition by serving 
as a master; performing, in the first data processing ap- 
paratus, mutual authentication with thie arithmetic 
processing apparatus, and reading and writing content 
data from and into a recording medium within a tamper- 
resistant module in response to the interrupt from the 
arithmetic processing apparatus; and decrypting, in the 
second data processing apparatus, the content data by 
using content key data and compressing or decom- 
pressing the content data within a tarn per- resistant 
module in response to the interrupt from the arithmetic 
processing apparatus by serving as a slave for the arith- 
metic processing apparatus. 

[0065] The invention will now be described by way of 
example with reference to the accompanying drawings, 
throughout which like parts are referred to by like refer- 
ences, and In which: 

Fig. 1 is a btock diagram illustrating the overall con- 
figuration of an EMD system according to a first em- 
bodiment of the present invention; 
Fig. 2 Illustrates the concept of a secure container 
used in the present invention; 
Figs. 3A, 3B, and 3C illustrate the format of the se- 
cure container sent from a content provider to a se- 
cure application module (SAM) shown in Fig. 1; 
Fig. 4 Illustrates details of data contained in a con- 
tent file shown in Fig. 3A; 

Fig. 5 illustrates details of data contained in a key 
file shown in Fig. 3B; 

Fig. 6 illustrates the registration and the transfer of 
the key file'between the content provider and an 
electronic music distribution (EMD) center shown in 
Fig.1; 

Fig. 7 illustrates header data contained In the con- 
tent file; 

Fig. 8 Illustrates a content ID; I 

Fig. 9 illustrates the directory structure of the secure 

container; 

Fig. 1 0 Illustrates the hyperlink structure of the se- 
cure container; 

Fig. 11 illustrates one example of a recording me- 
dium (ROM) used in the first embodiment; 
Fig. 12 illustrates another example of a recording 
medium (ROM) used in the first embodiment; 
Fig. 13 illustrates still another example of a record- 
ing medium (ROM) used In the first embodiment; 
Fig. 14 illustrates an example of a recording medi- 
um (RAM) used in the first embodiment; 
Fig. 15 illustrates another example of a recording 
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medium (RAM) used in the first embodiment; 
Fig. 16 illustrates still another example of a record- 
ing medium (RAM) used in the first embodiment; 
Figs. 17, 18. and 19 are a flow chart Illustrating 
5 processing for creating the secure container by the 
content provider; 

Fig. 20 Illustrates the functions of the EMD service 
center shown in Fig. 1 ; 

Fig. 21 illustrates usage log data shown in Fig. 1 ; 

10 Fig. 22 is a block diagram illustrating an example of 
the configuration of a network device within a user 
home network shown in Fig. 1 ; 
Fig. 23 illustrates the relationship between a host 
CPU and a SAM shown in Fig. 22; 

15 Fig. 24 illustrates the software configuration imple- 
menting a SAM; 

Fig. 25 Illustrates an external inten'upt to be output 
to the host CPU; 

Fig. 26 illustrates an internal interrupt to be output 
20 from the host CPU; 

Fig. 27 illustrates function calls output from the host 
CPU; 

Fig. 28 illustrates the processing status of a CPU of 
the SAM; 

25 Fig. 29 illustrates memory spaces of the host CPU 
and the SAM; 

Fig. 30 Is a functional block of a SAM within the user 
home network shown in Fig. 1 , and also illustrates 
the data flow when the secure container received 
30 from the content provider Is decoded; 

Fig. 31 illustrates data to be stored in an external 
memory shown In Fig. 22; 

Fig. 32-illustrates data to be stored in a work mem- 
ory; 

35 Fig. 33 Is a block diagram Illustrating another exam- 
ple of the configuration of the network device within 
the user home network shown in Fig. 1 ; 
Fig. 34 illustrates data to be stored in a storage unit 
shown In Fig. 30; 

40 Fig. 35 Is a flow chart Illustrating the processing per- 
formed by the SAM for receiving the license key da- 
ta from the EMD service center; 
Fig. 36 is a flow chart illustrating the processing per- 
formed by the SAM for receiving the secure contain- 

45 er; 

Fig. 37 is a functional block diagram of a SAM within 
the user home network shown in Fig. 1 , and also 
illustrates the data flow when the content data Is uti- 
lized and purchased; 
50 Fig. 38 is a flow chart Illustrating the processing by 
the SAM for determining the purchase mode of the 
content data; 

Figs. 39A through 39D illustrate the secure contain- 
er for which the purchase mode is determined; 
55 Fig. 40 Is a flow chart Illustrating the processing per- 
formed by the SAM for playing back the content da- 
ta; 

Fig. 41 is a block diagram Illustrating the operation 
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of transferring the content file, for which the pur- 
chase nnode is determined, downloaded into a 
download nnemory of the network device shown in 
Fig. 22 to a SAM of an audio-visual (AA/) machine, 
and re-purchasing the content file in the AA/ ma- 5 
chine; 

Fig. 42 illustrates the data flow within the receiver 
SAM shown in Fig. 41 ; 

Fig. 43 is a flow chart illustrating the processing 
shown in Fig. 42; io 
Figs. 44A through 44D illustrate the fomnat of the 
secure container to be transferred in Fig. 41 ; 
Fig. 45 illustrates the data flow when the received 
content file in the receiver SAM shown in Fig. 41 is 
written into a recording medium (ROM or RAM); ^5 
Figs. 46 and 47 are a flow chart Illustrating the 
processing by the receiver SAM shown in Fig. 41 ; 
Fig. 48 illustrates various purchase modes in the 
SAMs within the user home network shown in Fig. 1 ; 
Fig. 49 illustrates the data flow within an AA/ ma- 20 
chine when the recording medium (ROM) shown in 
Fig. 11. for which the purchase mode is not deter- 
mined, is distributed offline to the user home net- 
work, and the purchase mode of the content file is 
determined by the A/V machine; 25 
Fig. 50 illustrates the data flow within the SAM of 
the /W machine shown in Fig. 49; 
Fig. 51 is a flow chart illustrating the processing per- 
formed by the SAM of the A/V machine shown In 
Fig. 49; 30 
Fig. 52 illustrates the processing for reading the se- 
cure container, for which the purchase mode Is not 
determined, from a recording medium (ROM) of an 
A/V machine within the user home network, and for 
transferring the secure container to another A/V 35 
machine and writing It into a recording medium 
(RAM); 

Fig. 53 illustrates the data flow within the receiver 
SAM shown in Fig. 52; 

Figs. 54A through 54D illustrate the format of the 40 

secure container transferred from the sender SAM 

to the receiver SAM shown in Fig. 52; 

Figs. 55 and 56 are a flow chart Illustrating the 

processing perfomned by the sender SAM and the 

receiver SAM shown In Fig. 52; 

Fig. 57 illustrates the data flow within the receiver 

SAM shown in Fig. 52; 

Fig. 58 illustrates an example of connection models 
of the devices via a bus within the user home net- 
work; 

Fig. 59 illustrates the data format of a SAM regis- 
tration list created by the SAM; 
Fig. 60 illustrates the format of a public-key certifi- 
cate revocation list created by the EMD service 
center; 

Fig. 61 illustrates the data format of the SAM regis- 
tration list created by the EMD sen/ice center; 
Fig. 62 illustrates a security function of the SAM; 
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Fig. 63 illustrates an example of loading models of 
various SAMs in the network device of the user 
home network shown in Fig. 1 ; 
Fig. 64 illustrates the detailed circuit configuration 
of a download memory and peripheral circuits 
shown in Fig. 63; 

Fig. 65 illustrates the relationship between the host 
CPU and the SAM shown in Fig. 63; 
Fig. 66 illustrates the relationship among the host 
CPU, the SAM, the A/V compression/decompres- 
sion SAM, and the recording medium shown in Fig. 
63; , 

Fig. 67 illustrates the relationship among the host 
CPU, the medium drive SAM, and the A/V compres- 
sion/decompression SAM shown in Fig. 63; 
Fig. 68 illustrates one example of the circuit module 
of a rights processing SAM; 
Fig. 69 illustrates one example of hardware config- 
uration within the SAM configured as the circuit 
module shown in Fig. 68; 

Fig. 70 illustrates an address space of the rights 
processing SAM; 

Fig. 71 illustrates an address space of the host 
CPU; . 

Fig. 72 illustrates another example of the circuit 

module of the rights processing SAM; 

Fig. 73-illustrates a circuit module of the medium 

SAM; / 

Fig. 74 Illustrates storage data in the medium SAM 
of a recording medium (ROM) when the ROM is 
shipped; 

Fig. 75 illustrates storage data in the medium SAM 
of the recording medium (ROM) after registration is 
conducted; 

Fig. 76 illustrates storage data In the medium SAM 
of a recording medium (RAM) when the RAM Is 

shipped; 

Fig. 77 illustrates storage data in the medium SAM 
of the recording medium (RAM) when registration 
is conducted; 

Fig. 78 illustrates an example of a circuit module of 
the AA/ compression/decompression SAM; 
Fig. 79 illustrates an example of a circuit module of 
the medium drive SAM; 

Fig. 80 is a flow chart illustrating the overall opera- 
tion of the EMD system shown In Fig. 1 ; 
Fig. 81 illustrates examples of distribution protocols 
for the secure container used In the EMD system of 
the firist embodiment; 

Fig. 82 is a block diagram illustrating the overall 
configuration of an EMD system according to a sec- 
ond embodiment of the present invention; 
Fig. 83 is a flow chart illustrating the processing for 
creating a secure container in a service provider; 
Figs. 84A through 84D illustrate the format of the 
secure container sent from the service provider to 
the user home network shown in Fig. 82; 
Fig. 85 illustrates the sending fomiat of a content 
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file stored in the secure container shown in Figs. 
84A through B4D; 

Fig. 86 illustrates the sending fonmat of a key file 
stored in the secure container shown in Figs. 84A 
through 84D; 5 
Fig. 87 Illustrates the functions of the EMD service 
center shown in Fig. 82; 

Fig. 88 IS a block diagrann illustrating a network de- 
vice shown in Fig. 82; 

Fig. 89 is a functional block diagram illustrating a io 
CA module shown in Fig. 88; 
Fig. 90 is a functional block diagram Illustrating a 
SAM shown in Fig. 82, and also illustrates the data 
flow when the secure container is received and de- 
coded; . ' ^5 
Fig. 91 illustrates data to be stored in. a work mem- 
ory shown in Fig. 90; 

Fig. 92 is a functional block diagram illustrating the 
SAM shown in Fig. 82, and also illustrates the data 
flow when the purchase and usage modes of the 20 
content are determined; 

Fig. 93 is a flow chart illustrating the processing for 
receiving the secure container by the SAM shown 
in Fig. 82; 

Fig. 94 is a block diagram illustrating: the operation 25 
of transferring the content file, for vvhich the pur- 
chase mode is determined, downloaded into a 
download memory of the network device shown in 
Fig. 82 to a SAM of an AA/ machine; 
Fig. 95 illustrates the data flow within the receiver 30 
SAM shown in Fig. 94; 

Fig. 96 is a flow chart illustrating the processing per- 
formed by the sender SAM shown in Fig. 95; 
Figs. 97A through 97E illustrate the format of the 
secure container transferred from the sender SAM 35 
to the receiver SAM shown in Fig. 94; 
Fig. 98 illustrates the data flow within the receiver 
SAM shown in Fig. 94; 

Figs. 99 and 100 are a flow chart illustrating the 
processing perfomned by the receiver SAM shown 40 

in Fig. 94; 

Fig. 101 illustrates an example of connection mod- 
els of the SAMS within the user home network 
shown in Fig. 82; 

Figs. 102 and 103 are a flow chart Illustrating the <s 
overall operation of the EMD system!shown In Fig. 
82; • 
Fig. 1 04 illustrates an example of service models of 
the EMD system shown in Fig. 82; 
Fig. 1 05 illustrates distribution protocols for the se- so 
cure container employed in the EMD system shown 
in Fig. 82; and 

Fig. 1 06 is a block diagram illustrating a convention- 
al EMD system. 

55 

[0066] An electronic music distribution (EMD) system 
according to an embodiment of the present invention is 
first described below. 
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First Embodiment 

[0067] Fig. 1 is a block diagram illustrating an EMD 
system 100 constructed in accordance with an embod- 
iment of the present invention. 

[0068] In this embodiment, the "content data" to be 
distributed to users is digital data having meaningful in- 
formation, which is described below by taking music da- 
ta as an example. 

[0069] The EMD system 100 includes, as shown in 
Fig. 1, a content provider 101, an EMD service center 
(clearing house, may be hereinafter simply referred to 
as the "ESC") 102, and a user home network 103. 
[0070] The content provider 101, the EMD service 
center 102, and secure application modules (SAMs) 
105.J through 1064 respectively correspond to a data 
providing apparatus, a data management apparatus, 
and a data processing apparatus of the present Inven- 
tion. 

[0071] An overview of the EMD system 100 is first dis- 
cussed. The EMD system 100 sends to the EMD service 
center 102, which is a highly reliable authorizing organ- 
ization, content key data Kc used for encrypting content 
data C to be provided, UCP (UCP) data 106 indicating, 
for example, the license agreement conditions of the 
content data C, and digital-watermark information con- 
trol data indicating the content of digital watermark in- 
formation and the position In which digital watermark in- 
formation is embedded, 

[0072] The EMD servicecenter 1 02 registers (authen- 
ticates or authorizes) the content key data Kc, the UCP 
data 106, and the digital-watermark infonnation control 
data received from the content provider 101 . 
[0073] The EMD service center 1 02 also creates a key 
file KF, which stores the content key data Kc encrypted 
with license key data KD., through KDg of corresponding 
periods, the UCP data 106, and signature data of the 
EMD service center 1 02, and sends the key file KF to 
the content provider 101 . 

[0074] The signature data is used for verifying the in- 
tegrity of the key file KF and the identity of the creator 
of the key file KF, and the official registration of the key 
file KF in the EMD service center 102. 
[0075] The content provider 1 01 creates a content file 
CF by encrypting the content data C with the use of the 
content key data Kc, and distributes a secure container 
104 (corresponding to a module of the present inven- 
tion), which stores the content file CF, the key file KF 
received from the EMD service center 1 02, and the sig- 
nature data of the content provider 101, to the user 
home network 103 via a network, such as the Internet, 
or a digital broadcast, or package media, such as a re- 
cording medium. 

[0076] The signature data stored in the secure con- 
tainer 104 is used for verifying the Integrity of the corre- 
sponding data and the identity of the creator and the 
sender of the data. 

[0077] The user home network 103 Includes, for ex- 
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ample, a network device 160^, and audio-visual (AV) 
machines 1 6O2 through 1 6O4. The network device 1 60^ 
has a built-in SAM 1 05^ . Th A/V machines 1 6O2 through 
I6O4 have built-in SAMs lOSg through 1064. respective- 
ly. The SAMs 1 05^ through 1 064 are interconnected with 
each other via a bus 191, such as an IEEE-1394 serial 
interface bus. 

[0078] The SAMs 1 05-, through 1 064 decode the se- 
cure container 104 received from the content provider 
101 online via, for example, a network, and/or the se- 
cure container 104 supplied from the content provider 
101 to the A/V machines I6O2 through I6O4 offline via 
a recording medium, by using the license key data KD^ 
through KD3 of corresponding periods, and then verify 
the signature data. 

[0079] The secure container 1 04 supplied to the SAM 
105i through 1064 is then ready to be played back or 
recorded on a recording medium in the network device 
1 60^ and the AA/ machines 1 6O2 through 1 6O4 after the 
purchase/usage mode of the secure container 104 has 
been determined by a user's operation. 
[0080] The SAMs 105-, through 1064 record the pur- 
chase/usage history of the secure container 1 04 as us- 
age log data 108, and also create usage control status 
(DCS) data 166 indicating the purchase mode. 
[0081] The usage log data 108 is sent from the user 
home network 103 to the EMD service center 102. for 
example, in response to a request from the EMD sen/ice 
center 102. The UCS data 166 is sent from the user 
home network 103 to the EMD service center 102. for 
example, every time the purchase mode is determined. 
[0082] The EMD service center 1 02 determines (cal- 
culates) the accounting content based on the usage log 
data 108, and settles the account, based on the calcu- 
lated accounting content, by using a settlement organi- 
zation 91 , such as a bank, via a payment gateway 90. 
According to this settlement, the payment made by the 
user of the user honne network 1 03 to the settlement or- 
ganization 91 is given to the content provider 1 01 by the 
settlement processing perfomned by the EMD service 
center 1 02. The EMD service center 1 02 regularly sends 
settlement report data 1 07 to the content provider 1 01 . 
[0083] In this ennbodiment, the EMD service center 
1 02 has an authentication function, a key-data manage- 
ment function, and a rights processing (profit distribu- 
tion) function. 

[0084] More specifically, the EMD service center 1 02 
serves as a second certifying authority located at a layer 
lower than a root certifying authority 92, which is the 
neutral supreme authority, and authenticates public key 
data by attaching a signature to the public-key certificate 
data of the public key data by using private key data of 
the EMD service center 1 02. The public key data is used 
for verifying the integrity of the signature data in the con- 
tent provider 101 and the SAMs 105^ through 1064. As 
stated above, the EMD sen/ice center 1 02 registers and 
authorizes the. UCP data 106 of the content provider 
1 01 , which is also part of the authentication function of 
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the EMD service center 102. 

[0085] The EMD service center 102 also has the key- 
data management function of managing key data, such 
as license key data KD^ through KDg. 
5 [0086] The EMD service center 1 02 also has the fol- 
lowing rights processing (profit distribution) function. 
The EMD service center 1 02 settles the account for the 
purchase and usage of the content made by the user 
based on the suggested retailer's price (SRP) stated in 
10 the authorized UCP data 106 and the usage log data 
108 input from the SAMs 105^ through 1064, and dis- 
tributes the payment made by the user to the content 
provider 101 . 

[0087] Fig. 2 schematically illustrates the concept of 
15 the secure container 1 04. 

[0088] The secure container 104 stores, as shown in 
Fig. 2 the content file CF created by the content provider 
1 01 and the key file KF created by the EMD service cent- 
er 102. 

20 [0089] In; the content file CF, header data containing 
a header and a content ID, the content data C encrypted 
with the content key data Kc, and the signature data en- 
crypted with private key data Kqp.s content pro- 
vider 101 are stored. 
25 [0090] la the key file KF, header data containing a 
header and a content ID, the content key data Kc and 
the UCP data 106 encrypted with the license key data 
KD.J through KDg. and the signature data encrypted with 
the private, key data K^scs service center 
30 1 02 are stored. 

[0091] In Fig. 2, the UCP data 106 may not be en- 
crypted with the license key data KD^ through KDe, in 
which case, the signature data encrypted with the pri- 
vate key data K^ps of the content provider 1 01 is added 
35 to the UCP data 106. 

[0092] Details of the individual elements of the EMD 
system 1 00 are discussed below. 

[Content provider 101] 

40 

[0093] Before starting to communicate with the EMD 
service center 1 02, the content provider 1 01 offline reg- 
isters the public key data K^p.p created by the content 
provider 101, the ID certificate, and the bank account 
45 number (for settling the account) of the content provider 
1 01 in the EMD service center 1 02, and obtains a unique 
identifier (ID number) CPJD. The content provider 101 
also receives from the EMD service center 1 02 the pub- 
lic key data K^scP of the EMD service center 1 02 and 
50 the public key data Kr.ca.p of the root certifying authority 
92. 

[0094] The content provider 101 creates the secure 
container 1 04 which stores the content file CF and sig- 
nature data SlGfi CP of the content file CF shown in Fig. 
55 3A, the key file KF corresponding to the content file CF 
read from a key file database 118b and signature data 
SIG7 CP of the key file KF shown in Fig. 3B, public-key 
certificate data CERcp of the content provider 1 01 read 
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from a storage unit 119 and signature data SIG^ ^sc of 
the public-key certificate data CERcp shown in Fig. 3C. 
[0095] The content provider 1 01 supplies online or of- 
fline the secure container 104 to the network device 
160^ of the user home network 103 shown in Fig. 1. 5 
[0096] In this manner, according to this embodiment, 
an in-bahd system is employed In which the public key 
certificate CERcp of the public key data K^pp of the con- 
tent provider 1 01 , which is stored in the secure container 
1 04, is directly sent to the user home network 1 03. This io 
eliminates the need for the user home network 103 to 
communicate with the EMD service center 102 In order 
to acquire the public key certificate CERcp- 
[0097] Alternatively, in the present Invention, an out- 
of-band system may be employed in which the user 
home network 1 03 may acquire the public key certificate 
CERcp from the EMD service center 102 instead of stor- 
ing it in the secure container 1 04. 
[0098] In this embodiment, the signature data is gen- 
erated by hashing the data used for the signature in the 
content provider 101, the EMD service center 102, and 
the SAMs 105., through IO54 by using the private keys 
Kcp.S' Kesc.s. '^sami through Ksam4' respectively. The 
hash values are generated by using hash functions. Ac- 
cording to the hash functions, the data used for signa- 
tures is input and is compressed into data having a pre- 
determined bit length, which is then output as the hash 
values. It is difficult to predict the input value from the 
hash values (output values), and when one bit of the 
input data changes, many bits of the hash values 
change. It is also difficult to search for the input data 
having the same hash value. 

[0099] Details of the individual data in the secure con- 
tainer 1 04 are as follows. 

Signature data SIG r^.p 

[0100] The signature data SIGg cp used at the des- 
tination of the secure container 104 for verifying the in- 
tegrity of the creator and the sender of the content file 
CF. 

Signature data SIF 7 

[0101] The signature data SIG7 Is used at the des- 
tination of the secure container 1 04 for verifying the in- 
tegrity of the sender of the key file KF. The Integrity of 
the creator of the key file KF is verified at the destination 
of the secure container 1 04 based on the signature data 
S'^Ki.ESC within the key file KF. The signature data 
SIG^^ ESC ^'sQ used for verifying the registration of 
the key file KF in the EMD service center 102. 

Content fileCF 

[0102] Fig. 4 illustrates details of the content file CF 
shown in Fig. 3A. 

[0103] The content file CF stores, as shown in Figs. 



3A and 4, header data, meta data Meta encrypted with 
the content key data Kc input from an encryption unit 
114, content data C, AA/ decompression software Soft, 
and a digital watermark Infomiation module (Watennark 
Module) WM. 

[0104] Fig. 3A Illustrates the configuration of the con- 
tent file CF when a digital signal processor (DSP) is used 
as an AA/ compression/decompression device for de- 
compressing the content data C. The DSP decompress- 
es the content data C within the secure container 104 
and embeds and detects digital watermark information 
by using the AA/ decompression software and the digital 
watermark infonnation module within the secure con- 
tainer 1 04. This enables the content provider 1 01 to em- 
ploy a desired compression method and an embedding 
method for digital watermark information. 
[0105] If hardware or prestored software Is used as 
an A/V compression/decompression device for decom- 
pressing the content data C and for embedding and de- 
tecting digital watermark information, the A/V decom- 
pression software and the digital watermark information 
module may not be stored within the content file CF. 
[0106] The header data contains, as shown in Fig. 4, 
a synchronization signal, a content ID, signature data 
obtained by the private key data \<cp,s ^^e content 
provider 101 for verifying the content ID, directory infor- 
mation, hyperlink information, information concerning 
the serial number, the effective period and the creator 
of the content file CF, the file size, the encryption flag, 
the encryption algorithm, and the signature algorithm, 
and signature data obtained by the private key data 
Kcp.s of the content provider 101 for verifying the direc- 
tory information. 

[0107] The meta data Meta includes, as shown in Fig. 
4, the description of a product (i.e., content data C), ad- 
vertisement information for product demonstration, 
product- related information, and signature data of the 
content provider 1 01 for verifying the above information. 
[0108] In the present invention, the meta data Meta Is 
sent while being stored in the content file CF, as shown 
in Figs. 3A and 4. Alternatively, instead of storing the 
meta data Meta In the content file CF, the meta data Me- 
ta may be transmitted from the content provider 1 01 to, 
for example, the SAM 1 05^ via a path different from the 
path for sending the content file CF. 
[01 09] The content data C Is obtained In the following 
manner. Source digital watermark Infomnatlon (Source 
Watermark) Wg, copy control digital watemiark informa- 
tion (Copy Control Watermark) Wc, user digital water- 
mark information (User Watennark) Wy, and link digital 
watermark infonnation (Link Watermark) Wi_, etc., are 
embedded into content data read from, for example, a 
content master source database. Then, the content data 
is compressed according to a voice compression meth- 
od, such as adaptive transfonn acoustic coding 3 
(ATRAC3) (brand name), and is encrypted according to 
a common key cryptosystem, such as the data encryp- 
tion standard (DES) or Triple DES. by using a content 
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key Kc as the common key. 

[01 10] The content key data Kc is obtained by, for ex- 
ample, generating a random number having a predeter- 
mined number of bits by using a random number gen- 
erator. The content key data Kc may be generated from 
information concerning a music piece provided by the 
content data. The content key data Kc is regularly up- 
dated. 

[0111] In the presence of a plurality of content provid- 
ers 1 01 , the content key data Kc unique to each content 
provider 1 01 may be used, or the common content data 
Kc may be used for all the content providers 1 01 . 
[0112] Source digital watermark information Ws indi- 
cates information concerning the copyright, such as the 
name of the copyright holder of the content data, the 
International Standard Recording Code (ISRC), the au- 
thoring date, the authoring machine identification data 
(ID), and the distribution destination of the content. 
[01 1 3] The copy control digilal watermark information 
Wc indicates information including a copy prohibit bitfor 
preventing a copying operation via an analog interface. 
[0114] The user digital watemnark infonnation Wy 
contains, for example, the identifier CP_1D of the con- 
tent provider 101 for specifying the distribution source 
and the distribution destination of the secure container 
104, and the identifier SAMJD-, through SAM_ID4 of the 
SAMs 105-, through 1064, respectively, of the user home 
network 103. 

[0115] The link digital watermark information Wl in- 
cludes, for example, the content ID of the content data 
C. By embedding the link digital watermark information 
Wl into the content data C, even for the content data C 
distributed via an analog broadcast, such as a television 
broadcast or an amplitude modulation (AMyfrequency 
modulation (FM) radio broadcast, in response to a re- 
quest from the user, the EMD service center 102 is able 
to introduce the content provider 1 01 , which handles the 
content data C, to the user. That is, the receiving side 
of the content data C detects the link digital watermark 
infonnation Wl embedded into the content data C by 
using a digital watermark information decoder, and 
sends the detected content ID to the EMD service center 
1 02. This enables the EMD service center 1 02 to intro- 
duce the content provider 101 , which handles the con- 
tent data C, to the user. 

[0116] More specifically, it Is now assumed that the 
user listens to a piece of music on air in an automobile 
and finds it interesting, and presses a predetermined 
button. Then, a digital watemnark information decoder 
integrated in the radio detects the content ID contained 
in the link digital watennark information Wl embedded 
into the content data C and the communication address 
of the EMD service center 1 02 which registers the con- 
tent data C. The digital watermark infomiation decoder 
then records the detected data on a medium SAM load- 
ed in a portable medium, for example, a semiconductor 
memory, such as, a Memory Stick (brand name), or an 
optical disc, such as, a mini disc (MD) (brand name). 



The portable medium is then set in a network device 
loaded with a SAM connected to a network. After per- 
forming mutual authentication between the SAM and the 
EMD service center 1 02, the ID information stored in the 
5 medium SAM and the recorded content ID are sentfrom 
the network device to the EMD sen/ice center 102. 
Then, the network device receives a list of content pro- 
viders which handlethe content data C, such as the con- 
tent provider 101 , from the EMD service center 102. 
10 [0117] Alternatively, in response to the content ID 
from the user, the EMD service center 102 may send 
information of the user to the content provider 101, 
which handles the content data C corresponding to the 
content ID. Upon receiving the above-mentioned infor- 
ms mation, if the user is found to have already made a con- 
tract with the content provider 1 01 , the content provider 
101 may send the content data C to the network device 
of the user If not, the content provider 101 may send 
promotion infonnation of the content provider 1 01 to the 
20 network deyice of the user. 

[01 18] In- a second embodiment (described below) of 
the present invention, based on the link digital water- 
mark infonnation Wl, the EMD service center 102 is 
able to introduce a service provider 31 0, which handles 
25 the content data C, to the user. 

[0119] Preferably, inthefirst embodiment, the content 
and the embedding position of the digital watermark in- 
formation may be defined as the digital watermark infor- 
mation module WM, which may be registered and man- 
30 aged in the EMD service center 1 02. The digital water- 
mark information module WM is used for verifying the 
digital watemnark information by, for example, the net- 
work device I6O1 and the AA/ machines I6O2 through 
I6O4 withiri the user home network 1 03. 
35 [0120] More specifically, the user home network 103 
detemnines based on the user digital watemnark infor- 
mation module WM managed by the EMD service center 
102 whether the content and the embedding position of 
the digital watennark information detected by the user 
40 home network 1 03 coincide with those managed by the 
EMD service center 102. If the detected information 
matches that of the EMD service center 1 02, the digital 
watennark information is determined to be legal. It is 
thus possible to detect illegally embedded digital water- 
45 mark infonnation with high probability. 

[0121] The AA^ decompression software Soft, which 
may be ATRAC3 decompression software, is used for 
decompressing the content file CF in the network device 
I6O1 and the AA/ machines I6O2 through I6O4 of the 
50 user home network 1 03. 

[0122] This enables the SAMs 105., through 1064 to 
decompress the content data C simply by using the A/ 
V decompression software stored in the secure contain- 
er 1 04. Accordingly, even if different compression/de- 
55 compression methods are set for the Individual items of 
content data C or for the individual content providers, a 
heavy buriden of decompressing the content data C is 
not imposed on the user. 
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[0123] The content file CF may contain, as shown in 
Fig. 4, a file reader and signature data for verifying the 
file reader by using a private key Kcp,s- This enables the 
SAMs 105i through 1064 to efficiently process a plurality 
of different types of secure containers 104 which store 
the different fonnats of content files CF. 
[0124] The file reader is used for reading the content 
file CF and the corresponding key file KF, and indicates 
the reading procedure of these files. 
[0125] In this ennbodiment, it is assumed that the file 
reader has been sent from the EMD service center 1 02 
to the SAI\/ls 105i through 1064, and thus, the content 
file CF of the secure container 1 04 does not store a file 
reader. 

[0126] In this embodiment, the encrypted content da- 
ta C is stored in the secure container 104 without de- 
pending on factors, such as the compression flag, I.e., 
whether the content data C is compressed, the com- 
pression method of content data C, the encryption meth- 
od (including the common key cryptosystem and the 
public key cryptosystem). the signal source of the con- 
tent data C (for example, the sampling frequency), and 
the signature-data creating method (algorithm). That is, 
the abovc-dcscribcd factors can be determined at the 
discretion of the content provider 101. 

Key file KF 

[0127] Fig. 5 illustrates details of the key file KFshown 
in Fig. SB. 

[0128] In this embodiment, for example, after regis- 
tration processing is performed by sending a registration 
module Mod2 from the content provider 1 01 to the EMD 
service center 102, as shown in Fig. 6, the key file KF 
for six months^ for example, is sent from the EMD serv- 
ice center 1 02 to the content provider 1 01 and is stored 
in a key file database. In sending and receiving the reg- 
istration module Mod2 and the key file KF, mutual au- 
thentication is performed between the content provider 
1 01 and the EMD service center 1 02, and the registra- 
tion module Modg and the key file KF are encrypted and 
decrypted by using session key data Kqes- 
[01 29] The key file KF is provided tor each content da- 
ta C, and is linked to the corresponding content file CF 
according to directory structure data DSD within the 
header of the content file CF, which is discussed in detail 
below. 

[0130] The l<ey file KF stores, as shown in Figs. SB 
and 5, a header, content key data Kc, the U CP data (li- 
cense agreement conditions) 106, SAM program down- 
load containers SDC^ through SDC3, and signature data 

^'^KI.ESC 

[0131] The signature data obtained by using the pri- 
vate key KgsG.s EMD service center 1 02 may be 
signature data SIG^^ gsc ®" clata stored in the 
key file KF, as shown in Fig. SB. Alternatively, the sig- 
nature data may be separately provided, as shown in 
Fig. 5, for information from the header to tlie key file, for 



the content key Kc and the UCP data 106, and for the 
SAM program download containers SDC. 
[0132] The content key data Kc and the UCP data 
106, and the SAM program download containers SDC^ 

5 through SDC3 are encrypted with the use of the license 
key data KD^ through KDg of corresponding periods. 
[0133] The UCP data 106 may not be stored in the 
key file KF, in which case, it is provided with signature 
data without being encrypted by the license key data. 

10 [0134] The header data contains, as shown in Fig. 5, 
a synchronization signal, a content ID, signature data 
for verifying the content ID by using the private key 
K^sc.s EMD service center 102, directory struc- 

ture data, hyperlink data, Infonnation concerning the key 

'5 file KF, and signature data for verifying the directory 
structure data by using the private key K^scs 
EMD service center 102. 

[01 35] Various types of information may be contained 
in the header data, and may be variable according to 
20 the situation. For example, information shown in Fig. 7 
may be contained. 

[0136] The content ID may store infomnation shown 
in Fig. 8. The content ID is created in the EMD service 
center 102 or the content provider 101, and the signa- 
ls ture data obtained by using the private key data Kgsc.s 
of the EMD service center 1 02, as shown in Fig. 8, or 
the signature data obtained with the private key data 
Kqp 3 of the content provider 1 01 is attached to the con- 
tent ID. The content ID may be created either in the con- 
30 tent provider 1 01 or the EMD service center 1 02. 

[0137] The directory structure data represents a rela- 
tionship among the content files CF and a relationship 
between the content file CF and the key file KF within 
the secure container 104. 
35 [0138] For example, If content files CF^ through CF3 
and the corresponding key files KF^ through KF3 are 
stored in the secure container 104, a link between the 
CFi through CF3 and a link between the content files 
CF^ through CF3 and the key files KF^ through KF3 are 
40 iestablished, as shown in Fig. 9, by the directory struc- 
ture data. 

[0139] The hyperlink data represents a hierarchical 
structure of the key file KF and a relationship between 
the content files CF and the key files KF by considering 

45 ail the files inside and outside the secure container 1 04. 
[0140] More specifically, address information to be 
linked and the authentication value (hash value) thereof 
are stored, as shown in Fig. 1 0, in the secure container 
104 for each content file CF and for each key file KF. 

50 The hash value of one content file CF or one key file KF 
obtained by a hash function H(x) is then compared with 
that of another file CF or another key file KFto be linked, 
thereby verifying the link between the files. 
[0141] The UCP data 106 is a descriptor which de- 

55 fines the operation rules of the content data C, for ex- 
ample, the suggested retailer's price (SRP) and the cop- 
ying rules desired by the operator of the content provider 
101. 
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[0142] More specifically, the UCP data 1 06 contains, 
as shown in Fig. 5, a content ID, an identifier of the con- 
tent provider 1 01 CP_ID, the effective date of the UCP 
data 106, the communication address of the EMD serv- 
ice center 102, use-space research information, the 
SRP, the usage policy, the UCS information, the DCS 
information for demonstrating the product, and signa- 
ture data for the above-described information. 
[0143] The UCS Infonnation indicates an accepted 
purchase mode selected from various purchase modes, 
for example, redistribution, pay per use, sell through, 
time limited sell through, sell through pay per play N, 
pay per time, pay per use for a SGMS device, pay per 
block, etc. 

[0144] In the second embodiment, which Is discussed 
below, in sending a secure container 304 to a user home 
network 303 via a service provider 310, the UCP data 
106 contains the identifier of the service provider 310 
SP_ID which is provided with the secure container 1 04 
by a content provider 301 . 

[0145] The SAM program download containers SDC^ 
through SDC3 stores, as shown in Fig. 5, a download 
driver indicating the procedure for downloading the pro- 
grams within the SAMs 1 05^ through 1 064, a label read- 
er, such as UCP-L (label). R (Reader), representing the 
syntax (grammar) of the UCP data U106, lock key data 
for locking or unlocking of the writing and the erasing of 
each block data stored in a storage unit 1 92 (a flash read 
only memory (ROM), such as a mask ROM 1104 or a 
non-volatile memory 1105) built in each of the SAMs 
105-, through 1064, and signature data for the above- 
described information. The mask ROM 11 04 or the non- 
volatile memory 1105 controls the writing and the eras- 
ing of the storage data in units of blocks based on the 
lock key data. 

[01 46] A description is now given of the mode in which 
the secure container 104 is supplied from the content 
provider 101 to the user home network 103. 
[0147] As discussed above, the content provider 1 01 
supplies the secure container 1 04 online or offline to the 
user home network 1 03. 

[0148] When the content provider 101 supplies the 
secure container 1 04 online to the network device 1 60^ 
of the user home network 103, the following process is 
taken. The content provider 101 mutually authenticates 
with the network device 1 60-, so as to share the session 
key (common key) Kqes- encrypts the secure con- 
tainer 104 by using the session key Kg^g and sends it 
to the EMD service center 102. The session key Kses 
is newly created every time mutual authentication is per- 
formed. 

[0149] As the communication protocol for sending the 
secure container 1 04, a Multimedia and Hypermedia in- 
formation coding Experts Group (MHEG) protocol is 
used for a digital broadcast, or extensible markup lan- 
guage (XML), synchronized multimedia integration lan- 
guage (SMIL), or hypertext markup language (HTML) 
may be used for the Internet. The secure container 1 04 
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is embedded within the corresponding protocol accord- 
ing to a tuhneling technique without depending on the 

coding method. 

[01 50] Accordingly, the format of the secure container 
5 104 does not have to match the communication proto- 
col, thereby increasing the flexibility in selecting the for- 
mat of the secure container 1 04. 
[0151] The communication protocol used for sending 
the secure container 1 04 from the content provider 1 01 
10 to the user home network 103 is not restricted to the 
above-described protocols. 

[0152] In this embodiment, as the modules built in the 
content provider 101 , the EMD service center 102, and 
the network device 160-, for communicating with each 
15 Other, tamper-free or high tamper-resistant communica- 
tion gateways which are protected from being monitored 
are used. 

[0153] In contrast, when the content provider 101 sup- 
plies the secure container 104 offline to the user home 

20 network 1 03, the secure container 1 04 is recorded on a 
recording medium (ROM or RAM), which is discussed 
in detail below, and the contents of the ROM or RAM is 
then supplied to the user home network 103 via a com- 
munication path. 

25 [0154] Fig. 11 illustrates a recording medium (ROM) 
130-, used in this embodiment. 

[0155] The recording medium (ROM) 130-| has a 
ROM area 1 31 , a secure RAM area 1 32, and a medium 
SAM 1 33. The content file CF shown in Fig. 3A is stored 

30 in the ROM area 131. 

[0156] The secure RAM area 132 is an area which re- 
quires a predetermined pennission (authentication) to 
make access, and stores signature data created by us- 
ing as arguments the key file KF shown in Fig. 3B, the 

35 public-key certificate data CER^p shown in Fig. 3C, and 
storage key data KgyR having a unique value according 
to the type of machine, by utilizing a message authen- 
tication code (MAC) function. The secure RAM area 132 
also store? data obtained by encrypting the key file KF 

40 and the public-key certificate data CERqp by using me- 
dium key data K^^j^d having a value unique to the re- 
cording medium. 

[0157] The secure RAM area 132 also stores public 
key certificate revocation datafor specifying the content 

45 provider 101 and the SAMs lOS^ through 1064 which 
have become invalid due to an illegal action. 
[0158] In communicating between the medium SAM 
used in this embodiment and a medium drive SAM 260, 
which is discussed below, one SAM compares its revo- 

50 cation list with that of the other SAM and determines 
when the lists were created. The revocation list created 
earlier is updated by the other revocation list. 
[01 59] The secure RAM area 1 32 stores the UCS data 
166 which is created when the purchase/usage mode 

55 of the content data C is determined in the SAMs 1 05.| 
through 1064 of the user home network 103. By storing 
the UCS data 166 in the secure RAM area 132, the re- 
cording medium (ROM) 130i in which the purchase/us- 
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age mode is determined can be provided. 
[01 60] The nnedium SAM 1 33 stores, for example, the 
media ID, which is the identifier of the recording medium 
(ROM) 130^, and the medium key data 
dium SAM 133-has, for example, a mutual authentica- 
tion function. 

[0161] The recording medium (ROM) usable in this 
embodiment may also be a recording medium (ROM) 

1302 shown in Fig, 12 or a recording medium (ROM) 

1303 shown in Fig. 13. 

[0162] The recording medium (ROM) I3O2 Illustrated 
In Fig. 12 has a ROM area 131 and a medium SAM 133 
having an authentication function, but is not provided 
with a secure RAM area 132, unlike the recording me- 
dium (ROM) 1 30^ shown in Fig. 11 . If the recording me- 
dium (ROM) 13O2 is used, the content file OF is stored 
in the ROM area 131 and the key file KF is stored in the 
medium SAM 133. 

[0163] The recording medium (ROM) 13O3 illustrated 
in Fig. 13 has a ROM area 131 and a secure RAM area 
132, but is not provided with a medium SAM 133, unlike 
the recording medium (ROM) 130^ shown in Fig. 11. If 
the recording medium (ROM) I3O3 is used, the content 
flic OF Is stored in the ROM area 131 , and the key file 
KF Is stored in the secure RAM area 1 32. Authentication 
is not performed with the corresponding SAM. 
[0164] Instead of a ROM recording medium, a RAM 
recording medium may be employed In this embodi- 
ment. 

[0165] As the RAM recording medium usable in this 
embodiment, a recording medium (RAM) 1304 having a 
medium SAM 133, a secure RAM area 132, and an un- 
secured RAM area 134 may be used, as shown in Fig. 
14. In this recording medium (RAM) 130^, the medium 
SAM 133 has an authentication function, and the secure 
RAM area 132 stores the key file KF. The unsecured 
RAM area 134 stores the content file OF. 
[0166] Alternatively, a recording mediurn (RAM) I3O5 
shown in Fig. 15 and a recording medium (RAM) 1306 
shown In Fig. 16 may be employed. 
[0167] The recording medium (RAM) I3O5 shown in 
Fig. 15 Includes an unsecured RAM area 134 and a me- 
dium SAM 133 having an authentication function, but is 
not provided with a secure RAM area 132, unlike the 
recording medium (RAM) I3O4 shown in Fig. 14. In us- 
ing the recording medium (RAM) I3O5, the content file 
CP is stored in the unsecured RAM area 134, and the 
key file KF is stored in the medium SAM 133. 
[0168] The recording medium (RAM) ISOg includes a 
secure RAM area 1 32 and an unsecured RAM area 1 34, 
but is not provided with a medium SAM 133, unlike the 
recording medium (RAM) I3O4 shown in Fig. 14. In us- 
ing the recording medium (RAM) 130g, the content file 
CF Is stored in the unsecured RAM areaM34, and the 
key file KF Is stored in the secure RAM area 132. Au- 
thentication Is not performed with the corresponding 
SAM. : 
[0169] As stated above, regardless of whether the 
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content data C is distributed online via a network or of- 
fline using, for example, the recording medium 130^ 
from the content provider 1 01 to the user home network 
103, the common format of the secure container 104 

5 which stores the UCP data 106 is used for distributing 
the content data C. This enablesthe SAMs 1 05^ through 
1064 of the user home network 103 to perform rights 
processing based on the common UCP data 106. 
[0170] As also discussed above. In this embodiment, 

^0 the in-band system is employed in which the content da- 
ta C encrypted with the content key data Kc is stored 
together with the content key data Kc for decrypting the 
content data C In the secure container 1 04. According 
to this In-band system, It Is not necessary to separately 

15 distribute the content key data Kc when the user home 
network 1 03 plays back the content data C, thereby re- 
ducing the burden in network communication. The con- 
tent key data Kc is encrypted with the license key data 
KD^ through KDq. However, the license key data KD-| 

20 through KDq are managed in the EMD service center 
1 02 and have already been distributed to the SAMs 1 05^ 
through IO54 of the user home network 103 when the 
SAMs 105^ through 1064 first accessed the EMD serv- 
ice center 1 02. This enables the user home network 1 03 

25 to use the content data C offline without accessing the 
EMD service center 1 02 online. 

[0171] In the present invention, the out-of-band sys- 
tem may be employed in which the content data C and 
the content key data Kc are separately supplied to the 

30 user home network 1 03, which will be described below. 
[01 72] The process for creating the secure container 
104 by the content provider 101 Is as follows. 
[01 73] Figs. 1 7 through 1 9 are a flow chart Illustrating 
the above-described process. 

35 [0174] In step S17-1 (Fig. 17), the content provider 
101 registers offline In the EMD service center 102 by 
using the ID certificate of the content provider 101 or the 
bank account for settling the account, and acquires the 
globally unique identifier CPJD. The content provider 

40 101 has already obtained the public key certificate CER- 
cp of the content provider 101 from the EMD service 
center 102. 

[0175] In step S17-2, the content provider 101 then 
digitizes content master sources, such as content data 

45 to be authored and prestored legacy content data, and 
assigns the content IDs to such data. The content mas- 
ter sources are then stored In a content master source 
database and are centrally managed. 
[0176] Then, In step SI 7-3, the content provider 101 

so creates meta data Meta for each of the centrally man- 
aged content master sources and stores it in a meta da- 
tabase. 

[0177] Subsequently, In step SI 7-4, the content pro- 
vider 101 reads content data, I.e., a content master 
55 source, from the content master source database, and 
embeds digital watermark Information in the content da- 
ta. 

[0178] In step SI 7-5, the content provider 101 stores 
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the content and the embedding position of the digital wa- 
ternnark information embedded in step S17-4 in a pre- 
determined database. 

[0179] Then, in step S17-6. the content data having 
the embedded digital watermark infomiation Is com- 
pressed. 

[0180] lnstepS17-7,thecontentprovider101 creates 
content data by decompressing the content data com- 
pressed in step S17-6. 

[0181] In step S17-8, the content provider 101 per- 
forms an audio check on the compressed content data. 
[0182] Thereafter, in step S17-9, the content provider 
101 detects the digital watermark embedded into the 
content data based on the content and the embedding 
position of the digital watennark Information stored in 
the database in step SI 7-5. 

[01 83] If both the audio check and the detection of the 

digital watermark information have been successfully 
performed, Ihe conlenl provider 101 executes process- 
ing of step S17-10 (Fig. 18). If either of the above-de- 
scribed processing has failed, the processing of step 
SI 7-4 Is repeated. 

[0184] In step 817-10, the content provider 101 gen- 
erates a random number to create the content key data 
Kc and retains It. The content provider 101 also encrypts 
the content data compressed in step S17-6 by using the 

content key data Kc. 

[0185] In step 817-11, the content provider 101 cre- 
ates the content file CF shown in Fig. 3A and stores it 
In the content file database. 

[0186] Then, in step 81 7-12, the content provider 1 01 
creates the UCP data 106 concerning the content data 
C. 

[0187] In step SI 7-1 3, the content provider 101 de- 
termines the SRP and stores it in the database. 
[0188] In step 817-14, the content provider 101 out- 
puts the content ID, the content key data Kc, and the 
UCP data 1 06 to the EMD service center 1 02. 
[01 89] Subsequently, in step SI 7-1 5, the content pro- 
vider 1 01 receives the key file KF encrypted with the li- 
cense key data KD^ through KD3 from the EMD service 
center 102, 

[0190] In step S1 7-1 6, the content provider 101 stores 
the received key file KF in the key file database. 
[0191] In step 817-17 (Fig. 19), the content provider 
101 hyperlinks the content file CF and the key file KR 
[0192] In step SI 7-1 8, the content provider 1 01 cre- 
ates the signature data SIGg cp ^^om the hash value of 
the content file CF by using the private key data Kcps- 
The content provider 1 01 also creates the signature da- 
ta SIGycp from the hash value of the key file KF by using 
the private key data K^pg. 

[0193] In step S1 7-1 9, the content provider 1 01 gen- 
erates the secure container 1 04 storing the content file 
CF, the key file KF, the public-key certificate data CER- 
QP, the signature data SIGs cp. SIG7 cp, and SIG^ gsc, 
as shown in Figs. 3A through 3C. 
[0194] If it is desired that content data Is provided In 



a composite format including a plurality of secure con- 
tainers, each secure container 1 04 is created by repeat- 
ing the processes in step S17-1 through 817-19. Then, 
in step 817-20, a relationship between the content files 
5 CF and the . key files KF is hyperlinked, and also a rela- 
tionship between the content files CF is hyperlinked. 
[01 95] Thereafter, in step S1 7-21 , the content provid- 
er 101 stores the created secure container 104 in the 
secure container database. 

10 

[EMD service center 1 02] 

[0196] Fig. 20 illustrates the basic functions of the 
EMD service center 1 02. Primarily, as shown in Fig. 20, 

15 the EMD center 1 02 supplies the license key data to the 
content provider 1 01 and the SAMS 1 05^ through 1 0S^, 
issues public-key certificate data CER^p, and CERsami 
through CERsam4, creates the key file CF, and performs 
payment settlement (profit distribution) based on the us- 

20 age log data 108. 

Supply of license key data 

[0197] A description is first given of the process for 
25 sending the license key data from the EMD service cent- 
er 1 02 to the SAMs 1 05-| through 1 064 of the user home 
network 103. 

[01 98] The EMD service center 1 02 reads the license 
key data KD^ through KD3 regularly, for example, for 
30 three months, from the key database, and creates the 

signature data SIGkdi ,esc through 8IGkd3,esc ^^^^ 
hash values by using the private key data Kesc.s 
EMD service center 102. 

[0199] The EMD service center 1 02 then encrypts the 
35 license key data KD^ through KD3 for three months and 
the signature data SIGj^qi through 81Gj^q3^3q by 
using the session key data Kses» which is obtained by 
performing mutual authentication with the SAMs 105-j 
through 1664, and sends the encrypted data to the 
40 SAMS 1 05^ through 1 064. 

[0200] Similarly, the EMD service center 102 sends, 
for example, the license key data KD^ through KDg for 
six months, to the content provider 1 01 . 

45 Issuing of public-key certificate data 

[0201] A description is given below of he process to 
be executed when the EMD service center 1 02 receives 
a request to issue the public-key certificate data CERcp 

50 from the content provider 101. 

[0202] Upon receiving the identifier of the content pro- 
vider 101 CPJD, the public key data K^pp, and the sig- 
nature data SIG9 CP from the content provider 1 01 , the 
EMD service center 1 02 decrypts such data by using 

55 the session key data Kqes obtained by perfomning mu- 
tual authentication with the content provider 101 . 
[0203] After verifying the integrity of the decrypted 
signature data SIGgcp. the EMD service center 102 
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makes a determination, based on the identifier CP_ID 
and the public key data Kcp.p, whether the content pro- 
vider 1 01 . which has requested the issuing of the public- 
key certificate data, is registered in a CP database. 
[0204] Then, the EMD sen/ice center 102 reads the 
X. 509-fonnat public-key certificate data CERcp of the 
content provider 101 from the certificate database, and 
creates the signature data SIG^ esc^^^'^ ^'^^ hash value 
of the pubiic-key certificate data CERcp by using the pri- 
vate key K£3Q s of the EMD service center 1 02. 
[0205] The EMD service center 1 02 encrypts the pub- 
lic-key certificate data CER^p and the signature data 
ESC using the session key data ^sBs obtained 
by performing mutual authentication with the content 
provider 101. and sends the encrypted data to the con- 
loni provider 101 . 

[0206] The process to be performed when the EMD 

service center 102 receives a request from the SAM 
105, to issue the public-key certificate data GERsami 's 
similar to that when receiving a request to issue the pub- 
lic-key certificate data CERqp from the content provider 
101. except that processing is performed with the SAM 
105^. The public-key certificate data CERsami '® 
described in X. 509 fonnat. ' 
[0207] In the present invention, if it is designed that 
the private key data Ksami.s public key data 

KsAMi.p stored In a storage unit of the SAM 1051 
when shipping the SAM 1 05^ , the EMD service 1 02 may 
create the public-key certificate data CERsami 
public key data Kg^^i^^ p when shipping the SAM 105^. 
In this case, the created public-key certificate data 
CERsami be stored in the storage unit of the SAM 
1 05i when shipping the SAM 1 05^ . 

Creating of key file KF 

[0208] Upon receiving the registration module Mod2 
shown in Fig. 6 from the content provider 1 01 , the EMD 
service center 102 decodes the registration module 
Mod2 by using the session key Kses obtained by con- 
ducting mutual authentication with the content provider 
101. 

[0209] The EMD service center 1 02 thdn verifies the 
integrity of the signature data SIG^i cp.^y using the 
public key data Kqpp read from the key database, 
[0210] Subsequently, the EMD service center 102 
registers In the UCP database the UCP data 106, the 
content key data Kc, the digital watermark Information 
control data WM, and the SRP stored In the registration 
module Mod2. 

[021 1 ] The EMD service center 1 02 encrypts the con- 
tent key data Kc, the UCP data 106, and the SAM pro- 
gram download containers SDC.| through SDC3 by us- 
ing the license key data KD^ through KDg of correspond- 
ing periods read from a key server. 
[0212] The EMD service center 1 02 then creates the 
signature data SIG,^^ ^sc ^^^^ the hash values of the 
header data, the content key data Kc, the UCP data 1 06, 



and the SAM program download containers SDC^ 
through SDC3 by using the private key data Kesc.s of 
the EMD service center 102. 

[0213] in this manner, the EMD service center 102 
5 creates the key file KF shown In Fig. 3B and stores it In 
the KF database. 

[0214] Thereafter, the EMD service center 102 reads 
the key file KF from the KF database and encrypts it by 
using the session key data Kg^s obtained by conducting 
10 mutual authentication with the content provider 101, and 
then sends it to the content provider 101 . 

Settlement processing 

15 [0215] Payment settlement perfomned in the EMD. 
service center 1 02 is as follows. 
[0216] Upon receiving from, for example, the SAM 
1 05^ of the user home network 1 03, the usage log data 
108 and signature data SIG200.SAMI thereof, the EMD 

20 service center 1 02 decrypts such data by using the ses- 
sion key data Ks^s obtained by performing mutual au- 
thentication with the SAM 105^, thereby verifying the 
signature data SIG200 sami created by the public key da- 
ta KsAMi of the SAM \05^. 

25 [0217] Fig. 21 illustrates data described in the usage 
log data 108. The usage log data 108 contains, as illus- 
trated in Fig. 21 , for example, an ESC_content ID, which 
is a globally unique identifier provided by the EMD serv- 
ice center 102, for the content data C stored in the se- 

30 cure container 104, a CP_content ID, which is a globally 
unique identifier provided by the content provider 101 , 
for the content data C, a user ID, which is an Identifier 
of the user who has received the secure container 1 04, 
user information, a SAMJD, which is an identifier of 

55 each of the SAMs 105^ through 1064 received the se- 
cure container 104, a HNG_ID, which is an identifier of 
a home network group to which the corresponding SAM 
belongs, discount information, tracing information, a 
price tag, a CPJD of the content provider 101 which has 

^0 provided the content data C, a service provider (portal) 
ID, a hardware provider ID, an identifier of a recording 
medium MediaJD which records the secure container 
104, a component ID, which is an identifier of a prede- 
termined component, such as a compression method 

^5 for the secure container 104, an identifier of a license 
owner LH_ID of the secure container 104, an identifier 
of the EMD service center 1 02 ESC_!D which performs 
payment settlement of the secure container 1 04. 
[0218] In the second embodiment, which Is discussed 

50 below, in addition to the above-described data con- 
tained in the usage log data 108, usage log data 308 
includes an identifier SP_content ID provided by the 
service provlder310 for the content data C, and an Iden- 
tifier of the service provider 310 SP_ID which has dis- 
ss tributed the content data C. 

[021 9] if it is necessary that the payment made by the 
user of the user home network 103 is distributed to 
neighboring rights holders other than the content pro- 
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vider 1 01 , for example, license owners for the compres- 
sion method, the recording medium, etc., the EMD serv- 
ice center 102 determines the amount of payment ac- 
cording to a predetermined distribution rate, and creates 
the settlement report data and settlement request data 
1 52 based on the determined amounts of payment. The 
distribution rate may be created for each content data 
stored in the secure container 1 04. 
[0220] Thereafter, the EMD sen/ice center 1 02 per- 
forms payment settlement based on the SRP and the 
sales price contained in the UCP data 1 06 read from the 
UCP database and also based on the usage log data 
108, and creates the settlement request data 152 and 
the settlement report data 107. 
[0221] The settlement request data 1 52 is authorized 
data which can requestthepaymentfrom the settlement 
organization 91 based on the aforementioned data, and 
if the payment made by the user is to be distributed to 
a plurality of rights holders, the settlement request data 
1 52 Is created for each rights holder. 
[0222] The EMD service center 1 02 then decrypts the 
settlement request data 152 and signature data SIG99 
thereof through mutual authentication and using the 
session key data Kqes' ^^^^ sends them to the set- 
tlement organization 91 via the payment gateway 90 
shown in Fig. 1 . 

[0223] Accordingly, the amount of payment indicated 
In the settlement request data 1 52 is paid to the content 
provider 101 . 

[0224] The EMD service center 1 02 sends the settle- 
ment report data 1 07 to the content provider 101. 

[User home network 1 03] 

[0225] The user home network 1 03 has, as illustrated 
in Fig. 1 , the network device 160-, and the AA/ machines 
I6O2 through I6O4. The network device 160^ has the 
built-in SAM 1 05i. The AA/ machines 1 6O2 through 1 6O4 
have the built-in SAMs 1052 through IO54, respectively. 
The SAMs lOSg through IO54 are connected to each 
other via the bus 1 91 , for example, an IEEE-1394 serial 
interface bus. 

[0226] A network communication function may be 
provided for the AN machines I6O2 through I6O4, 
though it Is not essential, if a network communication 
function is not provided, the A/V machines 1 6O2 through 
1 6O4 may simply use the network communication func- 
tion of the network device 1 601 via the bus 1 91 Alter- 
natively, the user home network 103 may include only 
AA/ machines without a network function. 
[0227] Details of the network device 160^ are as fol- 
lows. 

[0228] Fig. 22 is a block diagram of the network device 
160-,. The network device I6O1 Is formed of the SAM 
150^, a communication module 162, an A/V compres- 
sion/decompression SAM 163, an operation unit 165, a 
download memory 167, a playback module 169, an ex- 
ternal memory 201 , and a host central processing unit 



(CPU) 810." 

[0229] The host CPU 810 centrally controls the 
processing executed within the network device I6O1, 
and the host CPU 81 0 and the SAM 1 05^ have a master- 
5 slave relationship. 

[0230] The relationship between the host CPU 810 
and the SAM 1 05^ is discussed in detail below with ref- 
erence to Fig. 23. 

[0231] In the network device 160^, as shown in Fig. 
10 23, the host CPU 810 and the SAM 105^ are connected 
via a host CPU bus 1000. 

[0232] When one of a plurality of interrupt types is se- 
lected according to the operation performed on the op- 
eration unit 165 by the user, the host CPU 810 receives 
15 an external interrupt (hardware interrupt) SI 65 indicat- 
ing the selected interrupt. 

[0233] If the task corresponding to the Interrupt SI 65 
is found to be executed by the SAM 1 05^ , the host CPU 
810 outputs an internal interrupt (software interrupt) 
20 S810 Indicating the task to the SAM 1 0S-j via the host 
CPU bus 1000. 

[0234] Then, the SAM 1 05., Is recognized as an input/ 
output (I/O) device by the host CPU 810, and upon re- 
ceiving the. internal interrupt S810, which is a function 
25 call, from the host CPU 810, the SAM 105i executes the 
requested task and returns the execution result to the 
host CPU 810. 

[0235] The major tasks executed by the SAM 105-, 
may include processing for purchasing content data (ac- 
30 counting processing), signature checking, mutual au- 
thentication, playback of content data, updating, regis- 
tration, downloading, etc. Such tasks are processed 
within the SAM 105^ while being completely shielded 
from an external source, thereby preventing the host 
35 CPU 810 from monitoring the processed result. 

[0236] The host CPU 81 0 knows which tasks should 
be requested to the SAM 1 05^ according to the type of 
event. More specifically, upon receiving the external in- 
terrupt SI 65 by the user's operation performed on the 
40 operation unit 165, such as an external key device, the 
host CPU h^ 0 determines that the task by the external 
interrupt S1 65 is to be executed by the SAM 1 05^ . Then , 
the host CPU 81 0 outputs the internal interrupt S81 0 to 
the SAM l"05i via the host CPU bus 1000 so as to re- 
45 quest it to execute the task. 

[0237] Interrupts from an I/O device, such as an ex- 
ternal key device, for example, a commander or a key- 
board, to the host CPU 810 occur asynchronously with 
a user program executed by the host CPU 810. Such 
50 Interrupts are normally referred to as the "hardware In- 
terrupts" or "external interrupts". 

[0238] Interrupts, received by the host CPU 810, for 
viewing arid listening to the content or purchasing the 
content are hardware interrupts. In this case, the I/O de- 
55 vice which generates a hardware interrupt may be a key 
device, such as buttons or graphic user interface (GUI) 
icons, of the network device leo^. In this embodiment, 
the operation unit 165 serves as such an I/O device. 
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[0239] On the other hand, interrupts generated by the 
execution of a user program (program) by the host CPU 
810 are referred to as "software interrupts" or "internal 
interrupts". 

[0240] Generally, an interrupt signal of the external in- 5 
terrupt S1 65 is output from the operation unit 1 65 to the 
host CPU 810 via a specific line for external Interrupts, 
which is separately provided from the host CPU bus 
1000. 

[0241] One external Interrupt SI 65 Is differentiated fo 
from the other external interrupts SI 65 by assigning 
numbers to the I/O devices which generate interrupts. 
For example, for a keyboard, numbers are assigned to 
the individual buttons (such numbers are referred to as 
"interrupt types"). Upon pressing one of the buttons, the is 
corresponding information is reported from the opera- 
tion unit 165 to the host CPU 810 via the specific line, 
and the number of the pressed button Is stored in a 
memory of the I/O interface. In response lo the informa- 
tion indicating that the button has been pressed, the host 20 
CPU 81 0 accesses the memory of the I/O interface and 
identifies the interrupt type from the number of the but- 
ton, thereby controlling the execution of an interrupt rou- 
tine corresponding to the number of the button. 
[0242] In this case, if the Interrupt routine is to be ex- 25 
ecuted by the SAM 105^, the host CPU 810 sends the 
internal interrupt S810 to the SAM 105^ to request it to 
execute the task. 

[0243] As discussed above, tasks to be executed by 
the SAM 105^ may include: so 

1. Purchasing content (including purchasing keys 
and demonstration of the content); 

2. Playback of content; and 

3. downloading from the content provider 101 and 35 
the EMD service center 1 02 (updating, receiving us- 
age log, and program downloading). 

[0244] The host CPU 81 0 first receives external inter- 
rupts SI 65 corresponding to tasks 1 , 2, and 3 from the 40 
operation unit 165 via the specific line, and outputs the 
corresponding internal interrupts S810totheSAM 105.|, 
so that the SAM 105^ executes tasks 1 , 2 and 3. 
[0245] The I/O devices which generate interrupts cor- 
responding to tasks 1 and 2 are the external key device, 45 
such as the buttons or the GUIs of the network device 
160^. 

[0246] In the case of task 3, It is not that a push-type 
downloading secure container 1 04 is sent from the con- 
tent provider 101, but that an active pull-type secure so 
container 1 04 is sent to the network device 1 60^ (client) 
by performing polling to access the content provider 
101. Accordingly, the host CPU 810 knows that the 
downloaded secure container 1 04 is stored in the down- 
load memory 1 67 within the network device 1 6O-1 . Thus, 55 
in actuality, the host CPU 810 merely generates the in- 
ternal interrupt S81 0 and sends it to the SAM 1 05.| with- 
out receiving the external interrupt S1 65 from the oper- 



ation unit 165. 

[0247] Since the SAM 105^ serves as an I/O device 
(slave) of the host CPU 810, the main routine of the SAM 
105^ is started when being powered on, and then, enters 
the standby (waiting) mode. 

[0248] Subsequently, immediately when receiving the 
internal Interrupt S81 0 from the host CPU 810 (master), 
the SAM 105-, begins processing the task while being 
completely shielded from an external source. Then, the 
SAM 1 05^ reports the completion of processing the task 
to the host CPU 81 0 by the external interrupt (hardware 
interrupt), and requests the host CPU 810 to receive the 
result. Accordingly, the SAM 1 05^ does not contain a 
user main program (user program). 
[0249] The SAM 105^ executes processing, such as 
for purchasing the content, playback of the content, and 
downloading from the content provider 101 and the 
EMD service center 102, as an interrupt routine. The 
SAM 1 05^ generally waits in the standby mode, and up- 
on receiving the internal interrupt S810 from the host 
CPU 810, the SAM 105^ executes the interrupt routine 
corresponding to the interrupt type (number) (function 
call command), and requests the host CPU 810 to re- 
ceive the result. 

[0250] More specifically, a request to execute a task 
from the host CPU 81 0 to the SAM 1 05^ by the internal 
interrupt S810 is made according to an I/O command, 
and then, the SAM 105., interrupts itself based on the 
function call command received from the host CPU 81 0. 
In actuality, the host CPU 81 0 outputs the Internal inter- 
rupt S81 0 to the SAM 1 05^ by perfomiing the chip select 
for selecting the SAM 1 05^ . 

[0251] As discussed above, although the host CPU 
81 0 receives the external interrupt SI 65 for purchasing 
or playing back the content, it request the SAM 1 05^ to 
execute the corresponding task. This is because the 
task Involves the security, such as encryption process- ' 
ing, creating and checking signatures, accompanied by 
the processing for purchasing the key. 
[0252] The interrupt routine stored in the SAM 105.j 
serves as a sub routine of the interrupt routine of the 
host CPU 810. 

[0253] The interrupt routine executed by the host CPU 
810 is a task which makes an instruction to send the 
Internal Interrupt (function call) S810 requesting the ex- 
ecution of the task corresponding to the external Inter- 
rupt S1 65 to a common memory space of the SAM 1 05., . 
[0254] As shown in Fig. 24, each of the interrupt rou- 
tines stored in the SAM 1 05^ contains sub routines. Pro- 
grams which can be shared with the other interrupt rou- 
tines are preferably defined as sub-routines, thereby 
saving the memory space. The processing of the SAM 
105^ may be executed in a manner similar to that exe- 
cuted by a CPU, such as concurrently defining sub-rou- 
tines from an interrupt routine or defining second-gen- 
eration sub-routines from a first-generation sub-routine. 
[0255] Referring back to Fig. 23, the relationship be- 
tween the host CPU 81 0 and the SAM 1 05., is described. 
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As discussed above, the host CPU 810 receives an in- 
terrupt fronn an I/O device, such as an external key de- 
vice, as the external interrupt (hardware interrupt) S165 
via a specific line. 

[0256] A number is provided for each specif ic line, and 
according to the nunnber, the corresponding interrupt 
vector is extracted fronn an interrupt vector table stored 
in a system memory of the host CPU 810, thereby start- 
ing the interrupt routine. 

[0257] There are two kinds of interrupt types: one type 
is an indirect access indicating a selection number of 
the interrupt vector in the vector table, and the other type 
is a direct access indicating the start address of the in- 
terrupt routine. 

[0258] If the received external interrupt indicates a 
task to be executed by the SAM 1 05^ , the host CPU 8 1 0 
outputs the internal interrupt S81 0 to the SAM 1 05^ and 
requests it to execute the task (I/O command). 
[0259] The type of task is defined by a command 
name, and the host CPU 810 outputs the command- 
based internal interrupt S810 to the SAM lOS^. When 
being powered on, the SAM 105., initializes the program 
and checks the integrity of the SAM 105^, as shown in 
Fig. 24, and then, enters a sleep mode (standby mode). 
In the sleep mode, only the operation of the CPU is 
stopped, and the sleep mode is released by any inter- 
rupt. Thereafter, the status o> the SAM 1 05-, is shifted to 
a program execution status via an execution handling 
status. Upon receiving an internal interruptfrom the host 
CPU 810, the SAM 105^ executes the corresponding 
task and returns the result to the host CPU 81 0. 
[0260] In response to the result from the SAM 105^, 
the host CPU 81 0 starts to take another action. Howev- 
er, even while the SAM 105^ is executing one task, the 
host CPU 81 0 may perfomn anothertask. The host CPU 
810 receives the execution result of the task from the 
SAM 1 05i as an interrupt. 

[0261 ] There are two approaches to reporting the ex- 
ecution result of the task from the SAM 1 05-i to the host 
CPU 81 0. One approach is to output an intermpt to the 
host CPU 810 and to request the host CPU 810 to re- 
ceive the result. The other approach is to provide status 
registers (which is referred to as the "SAM status regis- 
ters") in an address space of the SAM 105i which is ac- 
cessible by the host CPU 81 0. (A read/write command, 
address information, and data from the host CPU 810 
are carried to the address space.) According lo the sec- 
ond approach, the type of task, flags Indicating whether 
the task is being waited, executed, or completed, etc. 
can be set in the SAM status register (SAM^SR), and 
the host CPU 810 regularly performs polling (reading 
data) to the SAM status register. 

[0262] Afirst SAM status register sets aflag indicating 
the status of the SAM 105^ read by the host CPU 810. 
[0263] A second SAM status register sets flags des- 
ignating whether the execution of the task from the host 
CPU 810 has been requested. These flags are read by 
the CPU within the SAM lOS^. Based on the priority of 



• bus mediation, both the host CPU 810 and the SAM 
105i are allowed to access the flags set in the first and 
second SAM status registers. 

[0264] More specifically, in the first SAM status regis- 
5 ter, flags are set indicating whether the SAM is executing 
the task, has completed the task, or is waiting for a task 
to be executed. The name of the task is also indicated 
in the first SAM status register. The host CPU 810 reg- 
ularly performs polling to access the first SAM status 
10 register, 

[0265] In the second SAM status register, flags are set 
indicating whether the execution of a task has been re- 
quested from the host CPU 810 or is in the standby 
mode. 

15 [0266] The I/O write command is first sent from the 
host CPU 810 to the SAM 105^, which is an I/O device, 
followed by data and address information to be written. 
The address information (data storage location) is 
stored in the common memory space shared by the host 

20 CPU 81 0 and the SAM 1 05^ . 

[0267] It is required that the memory address space 
within the SAM 105., should be invisible from the host 
CPU 810 (tamper-resistance characteristics). Accord- 
ingly, the memory address space within the SAM 105., 

25 should be managed so that only part of a static random 
access memory (SRAM) for a work stack, or part of an 
external flash ROM (electrically erasable programmable 
read only memory (EEPROM)) is visible from the host 
CPU 810. Thus, a large amount of data is written into 

30 part of the SRAM or part of the EEPROM from the host 
CPU 810, and a small amount of data is written into a 
temporary register within the SAM 105-, which can be 
visible from^ the host CPU 810. 

[0268] The address of an interrupt routine to be exe- 
35 cuted by ari interrupt is referred to as the "interrupt vec- 
tor". The interrupt vectors are stored in the vector table 
according to the order of the interrupt types. 
[0269] Upon receiving an external interrupt, as shown 
in Fig. 25, according to the interrupt type (number), the 
40 host CPU 81 0 extracts the inten^upt vector from the in- 
terrupt vector table stored in the memory, and executes 
the corresponding routine started from the address (in- 
terrupt vector) as a sub-routine. 

[0270] In this embodiment, in performing one of the 
45 above-described tasks 1 through 3, an external interrupt 
occurs from the con^espondlng I/O device by a physical 
interrupt signal, and the host CPU 81 0 sends a function 
call (procedure call) by using an internal interrupt (soft- 
ware interrupt) to the SAM 105^ and request it to exe- 
50 cute the interrupt routine (task) according to the interrupt 
type (number). Then, the host CPU 8 1 0 receives the ex- 
ecution result of the task and starts to take another ac- 
tion. 

[0271] The internal interrupt is a software interrupt 
55 generated from the user program, i.e., the CPU, as il- 
lustrated in Fig. 26. The internal interrupt Is generated 
by the execution of an INT command of a machine lan- 
guage. 
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[0272] Details of the function call (procedure call) are 
as follows. 

[0273] An interrupt routine Is fornned of snnall func- 
tions, and a command name Is defined for each function. 
By designating the connmand name together with the in- 5 
terrupt command INT from the user program, the target 
function can be fulfilled. This is referred to as the "func- 
tion call (procedure call)". In this manner the function 
call is perfomried through the Internal Interrupt (software 
Interrupt). io 
[0274] . In perfomning the function call, parameters for 
executing the interrupt routine are delivered by inputting 
the function call number In the register of the CPU, 
thereby designating the target function. The result is re- 
turned to the register or the memory, or the correspond- '5 
ing operation is performed. , 
[0275] For example, In executing code A within the us- 
er program shown in Fig. 27, the host CPU 810 desig- 
nates the interrupt command INT and the command 
name "INT 21 H", and the CPU of the SAM 1 05^ access- 20 
es the memory area corresponding to the interrupt type 
"21 H", and also accesses a command analyzer, thereby 
executing the sub-routine of the function 3. 
[0276] The processing statuses of the CPU of the 
SAM 105^ are discussed below with reference to Fig. 
28. 

[0277] There are five statuses of the CPU of the SAM 

1 05., , as illustrated in Fig. 28: a reset status ST1 , an ex- 
ception handling status ST2, a program execution sta- 
tus ST3, a bus-right release status ST4, and a low power 
status ST5. 

[0278] Details of the Individual statuses are as fol- 
lows. 

[0279] The reset status ST1 is a status in which the 
CPU is reset. 

[0280] The exception handling status ST2 is a transi- 
tional status In which the CPU Is shifting the processing 
status due to an external handling factor, such as reset- 
ting or interrupt processing. In performing interrupt 
processing, by referring to a stack pointer (SP), the 
count value of a program counter (PC) and the value of 
a status register (SR) are temporarily stored In a stack 
area. The address at which the interrupt routine is start- 
ed is then extracted from the exception-handling vector 
table, and the routine is branched to the address, there- 
by starting the program. The status of the CPU is then 
shifted to the program execution status ST3. 
[0281] The program execution status ST3 is a status 
in which the CPU Is sequentially executing programs. 
[0282] The bus-right release status ST4 Is a status In 
which the CPU releases the bus to a device which has 
requested a bus right. 

[0283] The low power status ST5 has three modes, 
such as a sleep mode, a standby mode, and a module 
standby mode. 

(1 ) Sleep mode 

The operation of the CPU is discontinued, but 



data stored in the internal register of the CPU, data 
In a built-in cache memory, and data in a built-in 
RAM are retained. The functions of built-in periph- 
eral modules other than the CPU are still working. 

The sleep mode is released by resetting, any 
interrupt, or a direct memory access (DMA) address 
error, and Is shifted to the program execution status 
ST3 via the exception handling status ST2. 

(2) Standby mode 

In the standby mode, the functions of the CPU, 
a built-in module, and an oscillator are completely 
stopped. Data of a built-in cache memory and data 
of a built-in RAM are not retained. The standby 
mode is released by resetting or an external non- 
maskable Interrupt (NMI). After being released, the 
standby mode is shifted to the normal program sta- 
tus via the exception handling status ST2 after the 
lapse of a period required for stabilizing oscillations. 
In the standby mode, since the oscillator Is stopped, 
power consumption is considerably reduced. 

(3) Module standby mode 

The supply of a clock to a built-in module, such 
as a DMA, is discontinued. 

[0284] The relationship between the host CPU 810 
and the SAM 1 0S^ is described below through a memory 
space with reference to Fig. 29. 

[0285] Upon receiving an external interrupt through a 
user's operation on a button, as shown in Fig. 29, a CPU 
81 Oaof the host CPU 810 interrupts the execution of the 
user program, and designates the interrupt type so as 
to access the hardware Interrupt area of the Interrupt 
vector table. Then, the CPU 810a executes the interrupt 
routine stored in the accessed address. The interrupt 
routine describes the process for outputting a function 
call 1-1, 1-2, 2, or 3, which is the internal interrupt, to 
the SAM 1 05^ so as to request the SAM 1 05^ to execute 
the corresponding task, and tor acquiring the execution 
result from the SAM 1 05-, and then returning to the user 
program. More specifically, the CPU 810a writes infor- 
mation for specifying the task Into an SRAM 1155, which 
forms part of a memory 105^ a within the SAM 105^ and 
which serves as a common memory for the host CPU 
810 and the SAM 105i. 

[0286] In outputting the internal Interrupt to the SAM 
105^, the CPU 810a of the host CPU 810 turns on the 
task waiting flag of a second SAM status register 1156b 
within the SAM 105.,. 

[0287] A CPU 1 1 00 of the SAM 1 05^ checks the sec- 
ond SAM status register 1 1 56b and accesses the SRAM 
1155 so as to specify the type of task requested by the 
host CPU 810, thereby executing the corresponding in- 
terrupt routine. The interrupt routine is executed by 
reading sub-routines, as stated above, which include, 
for example, mutual authentication with a recording me- 
dium, an AA/ compression/decompression SAM, a me- 
dia drive SAM, an IC card, and the EMD sen/ice center 
102, mutual authentication between machines, and cre- 
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ating and checking of signature data. 
[0288] The CPU 1 1 00 of the SAM 1 05^ stores the re- 
sult of the interrupt routine (task result) in the SRAM 
1 1 55, and also turns on the task connpletlon flag of a first 
SAM status register 1156a within the SAM 1 05^. 
[0289] After checking that the task completion flag of 
the first SAM status register 1156a is on, the host CPU 
810 reads the task result from the SRAM 1155 and re- 
turns to the processing of the user program. 
[0290] The functions of the SAM 1 05^ are as follows. 
It should be noted that the functions of the SAMs lOSg 
through 1 054 are similar to those of the SAM 1 05^ . 
[0291] The SAM 105^ performs accounting process- 
ing for each content, and communicates with the EMD 
service center 1 02. The standards and version of the 
SAM 1 05., may be managed by the EMD service center 
1 02. If it is desired by electric home appliance manufac- 
turers that the SAM 105^ be loaded in electric home ap- 
pliances, the EMD service center 1 02 may license such 
manufacturers to use the SAM 1 05^ as a black-box ac- 
counting module for performing accounting in units of 
contents. For example, the EMD service center 102 
standardizes the IC, such as the 10 interface, of the SAM 
1 05^ without making it known to the manufacturers, and 
the SAM 1 05i is loaded in the network device 160^ ac- 
cording to the standards. The SAMs 1 05^ through 1 064 
are loaded in the AA/ machines I6O2 through I6O4, re- 
spectively, 

[0292] The processing content of the SAM 105., is 
completely shielded from an external source and is thus 
protected from being externally monitored or tampered. 
The SAM 1 05^ is a function module which is implement- 
ed by executing a tamper-resistant hardware module 
(for example, an IC module) in which prestored data or 
currently processing data cannot be tampered with, or 
by executing software (private program) by the CPU. 
[0293] If the functions of the SAM lOS^ are imple- 
mented by an IC, a private memory is disposed within 
the IC, and a private program and private data are stored 
in the private memory. If the functions of the SAM 105^ 
are incorporated into part of a machine ratherthan being 
implemented by using a physical form, such as an IC, 
the portion incorporating the functions may be defined 
as a SAM . 

[0294] In the example of the network device 160^ 
shown in Fig. 22, the secure container 1 04 is outputfrom 
the communication module 1 62 to the SAM 1 05.,, as in- 
dicated by the solid line. However, as indicated by the 
one-dot chain lines, the key file KF may be output from 
the communication module 162 to the SAM 105^, and 
the content file CF may be directly written into the down- 
load memory 167 from the communication module 1 62 
via a CPU bus. 

[0295] The content data C may be output to the AA/ 
compression/decompression SAM 163 directly from the 
download memory 1 67 by skipping the SAM 1 05^ . 
[0296] The functions of the SAM 1 05^ are specifically 
, described below with reference to the functional block 
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of Fig. 30. ] 

[0297] Fig. 30 Illustrates the dataflowfor receivingthe 
secure container 1 04 from the content provider 1 01 and 
processing fo r decoding the key file KF within the secure 
5 container 1 04. 

[0298] The SAM 105^ includes, as shown in Fig. 30, 
a mutual authentication unit 170, encryption/decryption 
(decoding) units 171, 172, and 173, a content provider 
manager 1 80, a download memory manager 1 82, an A/ 
10 V compression/decompression SAM manager 184, an 
EMD service center manager 1 85, a usage monitor 1 86, 
an accounting processor 187, a signature processor 
1 89, a SAM manager 1 90, a storage unit 1 92, a medium 
SAM manager 197, a work memory 200, an external 
15 memory manager 811, and a CPU 1100. 

[0299] The CPU 1100 receives the internal interrupt 
S810 from the host CPU 810 and controls the entire 
processing within the SAM 1 05-, . 

[0300] The correlation of the components of the SAM 
20 io5i and the elements of the present invention is as fol- 
lows. The content provider manager 1 80 and the down- 
load memory manager 1 82 correspond to input process- 
ing means, the accounting processor 187 corresponds 
to determining means, log data generation means, and 
25 UCS data generation means, the encryption/decryption 
(decoding): unit 172 corresponds to decoding means, 
and the usage monitor unit 186 corresponds to usage 
control status means. The encryption/decryption (de- 
coding) unit 173 corresponds to encryption means. A 
30 medium drive SAM manager 855 shown in Fig. 45, 
which is discussed below, corresponds to recording 
control means. The signature processor 189 corre- 
sponds to signature processing means. 
[0301] As discussed above, the individual functions of 
35 the SAM 1 05., are implemented by executing the private 
program by the CPU or by operating predetemnined 
hardware. The hardware configuration of the SAM 1 05^ 
Is discussed below. 

[0302] In the external memory 201 of the network de- 
40 vice 1 6O1 .-as shown in Fig. 31 , the usage log data 1 08 
and the SAM registration list are stored. 
[0303] The memory space of the external memory 
201 is invisible from an external source of the SAM lOS^ 
(for example, the host CPU 81 0), and only the SAM 1 05^ 
45 is allowed to manage access to the storage area of the 
external memory 201. As the external memory 201, a 
flash memory or a ferroelectric memory (FeRAM) may 
be used. . 

[0304] As the work memory 200, an SRAM may be 
50 used. The work memory 200 may include, as shown in 

Fig. 32, the content key data Kc, the UCP data 1 06, lock 
key data Klqc the storage unit 192, the public key 
certificate CERcp of the content provider 101 , the UCS 
data 166, and the SAM program download containers 
55 SDCi through SDC3, which are stored in the securecon- 

tainer 104. 

[0305] As one of the functions of the SAM 105.,, the 
processing executed by the functional blocks when the 
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secure container 1 04 is received (downloaded) from the 
content provider 101 Is described below with reference 
to Fig. 30. This processing Is centrally controlled by the 
CPU 1100 which has received the Internal inten'upt 
S810 for downloading the content from the host CPU 
810. 

[0306] In sending and receiving data online by the 
SAM 105^ with the content provider 101 and the EMD 
service center 102, the mutual authentication unit 170 
performs mutual authentication vyith the content provid- 
er 1 01 and the EMD service center 1 02 to generate ses- 
sion key data (common key data) K^^^, and outputs it 
to the encryption/decryption (decoding) unit 171. The 
session key data Kses newly created every time mu- 
tual authentication Is conducted. 
[0307] The encryption/decryption (decoding) unit 1 71 
encrypts and decrypts the data sent to and received 
from the content provider 1 01 and the EMD service cent- 
er 1 02 by using Ihe session key Ks^s created by the 
mutual authentication unit 170. 

[0308] If the download memory 1 67 shown In Fig. 22 
is provided with a medium SAM 1 67a, as shown In Fig. 
22, mutual authentication is performed between the mu- 
tual authentication unit 1 70 and the medium SAM 1 67a. 
Then, the download memory manager 1 82 encrypts the 
content by using the session key data Kses obtained by 
mutual authentication, and writes the encrypted data in- 
to the download memory 167 shown in Fig. 22. As the 
download memory 167, a non-volatile semiconductor 
memory, such as a Memory Stick may be used. 
[0309] If a memory without a mutual authentication 
function, such as a hard disk drive (HDD), shown In Fig. 
33, is used as a download memory 211 , the download 
memory 211 is unsecured. Accordingly, the content file 
CF is downloaded into the download memory 211 , and 
the highly secret key file KF Is downloaded into, for ex- 
ample, the work memory 200 shown in Fig. 30 or the 
external memory 201 shown in Fig. 22. 
[0310] In storing the key file KF in the external mem- 
ory 201 , the SAM 1 05^ encrypts it by using message 
authentication code (MAC) key data K^/(q in the CBC 
mode and stores it in the external memory 201 , and also 
stores part of the final block of the ciphertext in the SAM 
1 05^ as a MAC value. In reading the key file KF from 
the external memory 201 to the SAM 1 05^ , the read key 
file KF Is decrypted with the MAC key data K^^j^^, and 
then, the resulting MAC value is compared with the 
stored MAC value, thereby verifying the integrity of the 
key file KF. In this case, instead of the MAC value, a 
hash value may be used. 

[031 1 ] The encryption/decryption (decoding) unit 1 72 
decodes the content key data Kc, the UCP data 106, 
and the SAM program download containers SDC^ 
through SDC3 within the key file KF stored in the secure 
container 104 received from the download memory 
manager 1 82 by using the license key data KD^ through 
KD3 of corresponding periods read from the storage unit 
192. 



[0312] The decoded content key data Kc.the UCP da- 
ta 106, and the SAM program download containers 
SDCi through SDC3 are written into the work memory 
200. 

5 [0313] The EMD service center manager 185 manag- 
es communication with the EMD service center 102 
shown in Fig. 1 . 

[0314] The signature processor 1 89 verifies the integ- 
rity of the signature data within the secure container 1 04 

10 by using the public key data K^g^.p service 
center 1 02 and the public key data K^pp of the content 
provider 1 01 read from the storage unit 192. 
[0315] The storage unit 1 92 has the following data, as 
shown in Fig. 34, as private data protected from being 

15 read or written from outside the SAM 105^: a plurality of 
license key data KD., through KD3 having effective 
dates, a SAMJD, a user ID, a password, an identifier 
HNG_ID of a home network group to which the SAM 
105^ belong, an information reference ID, a SAM regis- 

20 tration list, a revocation list of devices and recording me- 
dia, storage key data Kstr. public key data Kr.^a.p of a 
route CA, public key data K^scp o^ EMD service 
center 1 02, a source key data for mutual authentication 
with a driving SAM (when the common key cryptosys- 

25 tem is employed), a public key certificate of a driving 
SAM (when the private key cryptosystem is employed), 
private key data Ksami.s SAM 105-, (when the 

common key cryptosystem is employed), a public key 
certificate CERqami '"^ which the public key data 

30 KsAMi.p the SAM 1051 is stored (when the private 
key cryptosystem Is employed), signature data SIG22 of 
a public key certificate CEResc obtained by using the 
private key data K^sc.s of the EMD service center 102, 
source key data for mutual authentication with the AA/ 

35 compression/decompression SAM 163 (when the com- 
mon key cryptosystem is employed), source key data 
for mutual authentication with the medium SAM (when 
the common key cryptosystem is employed), public-key 
certificate data CERi^iedsam of the medium SAM (when 

40 the public key cryptosystem Is employed), the signal 
source which can be handled, the compression method, 
the display performance of a monitor to be connected, 
the format conversion function, the presence or ab- 
sence of a bit stream recorder, rights processing (profit 

45 distribution) data, an ID of related entitles which receive 
profits, etc. 

[0316] In Fig. 34, the items of data having the symbol 
* marked at the left side are stored in the storage unit 
192 when shipping the SAM 105-|, and the other items 

50 of data are stored In the storage unit 1 92 when user reg- 
istration is performed after shipping the SAM lOS-j. 
[0317] A private program for implementing at least 
part of the functions shown In Fig. 30 is also stored in 
the storage unit 1 92. 

55 [0318] As the storage unit 192, a flash-EEPROM may 
be used. 
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Processing to be executed when license key data is 
received 

[0319] A description is now given, with reference to 
Figs. 33 and 35, of the process within the SAM lOS^ 
when storing the license key data KD^ through KD3 re- 
ceived from the EMD service center 102 in the storage 
unit 192. 

[0320] Fig. 35 is a flow chart illustrating the process 
within the SAM 1 051 when storing the license key data 
KD^ from the EMD service center 102 through KD3 In 
the storage unit 192. 

[0321] In step S35-0, the CPU 1100 of the SAM 105^ 
receives the internal interrupt S810 indicating an in- 
struction to receive the license key data from the host 
CPU 810. 

[0322] In step S35-1, mutual authentication is per- 
formed between the mutual authentication unit 170 of 
the SAM 105i and the EMD service center 102. 
[0323] Then, in step S35-2, the license key data KD^ 
through KD3 for three months and the corresponding 
signature data SIG^qi ,esc through SIGj<d3 ^sc encrypt- 
ed with the session key data Kqes obtained by mutual 
authentication perfonned in step S35-1 are written from 
the EMD service center 1 02 to the work memory 200 via 
the EMD service center manager 185. 
[0324] In step S35-3, the encryption/decryption (de- 
coding) unit 171 decrypts the license key data KD^ 
through KD3 and the signature data SIG^di^esc through 
SIGkd3,esc '^y using the session key data Kq^q. 
[0325] Subsequently, in step S35-4, the signature 
processor 1 89 verifies the integrity of the signature data 
SIGkdi.esc through SIGkd3,esc stored in the work 
memory 200 and then writes the license key data KD^ 
through KD3 In the storage unit 192. 
[0326] In step S35-5, the CPU 1100 reports the result 
of the processing for receiving the license key data to 
the host CPU 81 0 through an external interrupt. 
[0327] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the above- 
described receiving processing has been correctly per- 
formed, in which case, the host CPU 81 0 may read the 
flag by polling. 

Processing to be executed when the secure container 
1 04 is received from the content provider 1 01 

[0328] A description is now given of, with reference to 
Figs. 30 and 36, of the flow within the SAM 105^ when 
receiving the secure container 1 04 from the content pro- 
vider 101 . 

[0329] In the example described below, the content 
file CF is written into the download memory 167 via the 
SAM 105^. In the present invention, however, the con- 
tent file CF may be directly written into the download 
memory 167 without passing through the SAM 105^. 
[0330] Fig. 36 is a flow chart illustrating the process 
within the SAM 105^ when receiving the secure contain- 



er 1 04 from the content provider 101. 
[0331] In the subsequent example, the SAM 105^ ver- 
ifies the various items of signature data when receiving 
the secure container 104. Alternatively, the signature 
5 data may be verified when the purchase/usage mode is 
determined;. 

[0332] In step S36-0, the CPU 1 1 00 of the SAM 1 05^ 

shown in Fig. 30 receives from the host CPU 810 the 
internal interrupt S810 indicating an instruction to re- 

10 ceive the secure container 1 04. 

[0333] In; step S36-1, mutual authentication is con- 
ducted between the mutual authentication unit 170 of 
the SAM 105^ and the content provider 101 . 
[0334] Then, in step S36-2, mutual authentication is 

15 performed between the mutual authentication unit 170 
of the SAM 105i and the medium SAM 167a of the 
download memory 167. 

[0335] In step S36-3, the secure container 104 re- 
ceived from the content provider 1 01 is written into the 

20 download memory 167. Simul-taneously, the secure 
container 1 04 is encrypted in the mutual authentication 
unit 1 70 and is decrypted in the medium SAM 1 67a by 
using the session key data obtained in step S36-2. 
[0336] Subsequently, in step S36-4, the SAM 1 05^ de- 

25 codes the secure container 1 04 with the use of the ses- 
sion key data obtained in step S36-1 . 
[0337] In step S36-5, afterverifying the signature data 
SIG^ ESC indicated by Fig. 3C, the signature processor 
189 verifies the signature data SIG^ cp ^"d SIG7 cp by 

30 using the public key data Kqpp of the content provider 
101 stored in the public-key certificate data CERcp 
shown in Fig. 3C. 

[0338] When the signature data SIGg^cp 's verified, 
the integrity of the creator and the sender of the content 

35 file CF is verified. 

[0339] When the signature data SIG7 cp verified, 
the sender of the integrity of the key file KF is verified. 
[0340] Thereafter, in step S36-6, the signature proc- 
essor 189 checks the Integrity of the signature data 

40 SIG^-i ESC within the key file KF shown in Fig. 3B, i.e., 
the integrity of the creator of the key file KF, by using the 
public key data K^s^.p ^^^^ ^^^^ storage unit 192, 
and also checks whether the key file KF is registered in 
the EMD service center 102. 

45 [0341] In step S36-7, the encryption/decryption (de- 
coding) unit 172 decrypts (decodes) the content key da- 
ta Kc, the UCP data 106, and the SAM program down- 
load containers SDC-, through SDC3 within the key file 
KF shown in Fig. 3B by using the license key data KD^ 

50 through KD3 of corresponding periods read from the 
storage unit 192, and writes them into the work memory 
200. 

[0342] Then, In step S36-8, the CPU 1100 reports to 
the host CPU 81 0 through an external interrupt whether 
55 the secure container 104 has been correctly received. 
Alternatively, the CPU 1100 may set a flag in the SAM 
status register indicating whether the secure container 
104 has been appropriately received, and the host CPU 
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810 may read the flag by polling. 
[0343] The processing perfonried by the individual 
functional blocks for purchasing and using the content 
data C downloaded Into the download memory 167 is 
described below with reference to Fig. 37.- 
[0344] The processing of the functional blocks are 
centrally controlled by the CPU 11 GO which receives the 
Internal Interrupt S810 from the host CPU 810. 
[0345] The usage monitor 186 reads trie UCP data 
1 06 and the DCS data 1 66 from the work memory 200, 
and monitors the situation to make sure that the content 
Is purchased and used within the license restricted by 
the UCP data 106 and the UCS data 166.^ 
[0346] As stated with reference to Fig. i36, the UCP 
data 1 06 is stored in the key file KF In the work memory 
200 after being decoded. 

[0347] The UCS data 1 66 is stored in the work mem- 
ory 200 When the purchase mode Is detemrilned by the 
user, as discussed below. The UCS data ^166 includes 
the user ID who has purchased the content data C, the 
tracing information, etc., i.e., the same data as the UCP 
data 1 06 shown In Fig. 3B, except for the UCS Infomna- 
tion indicating the purchase mode determined in the pur- 
chase-mode determining processing. 
[0348] In receiving the internal interrupt 881 0 indicat- 
ing an instruction to determine the purchase mode or 
the usage mode of the content from the CPU 81 0 shown 
in Fig. 22, the accounting processor 1 87 creates the cor- 
responding usage log data 108. 
[0349] As stated above, the usage log data 108 indi- 
cates the history of the purchase and usage modes of 
the secure container 1 04 made by the user, and is used 
when performing the settlement processing and deter- 
mining the license fee by the EMD service center 102 
according to the purchase of the secure container 104. 
[0350] The accounting processor 1 87 infomns the us- 
er of the sales price or the SRP read from the work mem- 
ory 200 if necessary. The sales price and the SRP are 
contained within the decoded UCP data 106 of the key 
file KF shown in Fig. 3B stored In the work rnemory 200. 
[0351] The accounting processing by the accounting 
processor 1 87 is performed under the monitoring of the 
usage monitor 186 based on the rights, such as the li- 
cense agreement conditions, represented by the UCP 
data 1 06, and the UCS data 166. That Is, the user pur- 
chases and uses the content within the allowance of the 
rights. 

[0352] The accounting processor 187 also creates, 
based on the internal interrupt 381 0, the UCS data 1 66 
indicating the purchase mode of the content determined 
by the user, and writes it into the work memory 200. 
[0353] In this embodiment, after the purchase mode 
is determined, the UCS data 166 is stored in the work 
memory 200. However, the UCS data 1 66;and the con- 
tent key data Kc may be stored In the external memory 
201 . As the external memory 201 , a flash memory, which 
is a non-volatile RAM, may be used, as stated above. 
In writing the UCS data 166 and the content key data 
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Kc into the external memory 201, integrity check is per- 
formed for verifying the integrity of the external memory 
201 , in which case, a storage area of the external mem- 
ory 201 Is divided Into a plurality of blocks, and a hash 
5 value is determined for each block by using SHA-1 or 
MAC, and the determined hash values are controlled in 
the SAM 105i. 

[0354] Instead of determining the purchase mode in 
the SAM 105-1, the secure container 104 may be trans- 

10 ferred to another SAM , such as SAM 1 0Sg through 1 0S^, 
in which case, the UCS data 166 is not created. 
[0355] The purchase modes of the content include, for 
example, "sell through" In which no restriction is im- 
posed on playback operation by the purchaser and cop- 

15 ying for the use of the purchaser, "time limited" In which 
the period of use is restricted, "pay per play" in which 
charging incurs every time the content Is played back, 
"pay per SCMS" in which charging incurs every time the 
copied content is played back in a SCMS device, "sell 

20 through SCMS copy" in which copying in a SCMS device 
is allowed, and "pay per copy N without copy guard" in 
which charging Incurs every time the content is played 
back without setting a copy guard. 
[0356] The UCS data 166 is created when the user 

25 determines the purchase mode of the content, and is 
thereafter used for controlling so that the purchase uses 
the content within the allowance of the determined pur- 
chase mode. The UCS data 166 includes the content 
ID, the purchase mode, the price according to the pur- 

30 chase mode, a SAM_ID of the SAM which has pur- 
chased the content, and a user_ID of the user who has 
purchased the content. 

[0357] If the determined purchase mode is "pay per 
play", "pay per SCMS", or "pay per copy N without copy 

35 guard", upon purchasing the content data C, the SAM 
1 05^ may send the UCS data 1 66 to the content provider 
101 in real time, and the content provider 101 may in- 
struct the EMD service center 1 02 to fetch the usage log 
data 1 08 within a predetemnined period. 

40 [0358] If the determined purchase mode is "sell 
through", the UCS data 166 may be sent to both the con- 
tent provider 1 01 and the EMD service center 1 02 in real 
time. Thus, in this embodiment, regardless of the pur- 
chase mode, the UCS data 166 is sent to the content 

45 provider 1 01 in real time. 

[0359] The EMD service center manager 185 regular- 
ly sends the usage log data 1 08 read from the external 
memory 201 via the external memory manager 811 to 
the EMD service center 102. 

50 [0360] In this case, the signature processor 1 89 cre- 
ates the signature data SIG2cx),sami the usage log da- 
ta 108 by using the private key data Kqami.S' 
EMD service center manager 185 sends the signature 
data SIG200SAMI together with the usage log data 108 

55 to the EMD service center 102, 

[0361] The EMD service center manager 185 may 
send the usage log data 108 regularly in response to a 
request from the EMD service center 1 02, or when his- 
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tory Information in the usage log data 108 exceeds a 
predetermined amount. The amount of history infomna- 
tion Is determined according to, for example, the storage 
capacity of the external memory 201 . 
[0362] When the CPU 1100 receives the internal in- 
terrupt S810 indicating an instruction to play back the 
content from the host CPU 810 shown in Fig. 22, the 
download memory manager 1 82 outputs the content da- 
ta C read from the download memory 167, the content 
key data Kc read from the work memory 200, and user 
digital infomriation data 196 input from the accounting 
processor 1 87 to the AA/ compression/decompression 
SAM manager 184. 

[0363] Upon receiving the internal interrupt S810 in- 
dicating an instruction to listening to the content for dem- 
onstration, the down load-memory manager 1 82 outputs 
the content file CF read from the download memory 1 67, 
the content key data Kc and partially disclosing param- 
eter data 1 99 read from the work memory 200 to the A/ 
V compression/decompression SAM manager 184. 
[0364] The partially disclosing parameter data 1 99 Is 
described in the UCP data 106, and Indicates the han- 
dling of the content in the demonstration mode. This en- 
ables the A/V compression/decompression SAM 163 to 
play back the encrypted content data C in a partially dis- 
closing state based on the partially disclosing parameter 
data 1 99. As the partially disclosing techniques, the fol- 
lowing techniques are available. By utilizing the fact that 
the AA/ compression/decompression SAM 163 proc- 
esses data (signal) in units of predetennined blocks, 
some blocks are decoded by using the content key data 
Kc, and some blocks are not decoded by using the con- 
tent key data Kc according to the partially disclosing pa- 
rameter data 199. Or, the playback functions in the dem- 
onstration mode are restricted, orthe period for listening 
to the content for demonstration is limited. 

Processing for determining the purchase mode of the 
downloaded secure container 

[0365] A description is now given, with reference to 
Figs. 37 and 38, of the process of the SAM 1 05-, for de- 
termining the purchase mode of the secure container 
104 downloaded from the content provider 101 to the 
download memory 167, 

[0366] In the subsequent processing, in determining 
the purchase mode of the secure container 1 04, the sig- 
nature data within the secure container 1 04 is not veri- 
fied (as stated above, the signature data is verified when 
receiving the secure container 104). However, the sig- 
nature data may be checked in determining the pur- 
chase mode. 

[0367] Fig. 38 is a flow chart illustrating the process 
for detemnining the purchase mode of the secure con- 
tainer 1 04 downloaded from the content provider 1 01 to 

the download memory 167. 

[0368] In step S38-0, the CPU 1100 of the SAM 105^ 
shown In Fig. 37 receives from the host CPU 810 the 



internal interrupt S810 instructing the SAM 105^ to de- 
termine the purchase mode of the content. 
[0369] The CPU 1100 then detemnines In step S38-1 
whether the internal interrupt. S810 from the host CPU 

5 810 Indicates the demonstration mode, and if so, the 
CPU 1 1 00 executes the processing of step S38-2. If not, 
the CPU 1100 executes the processing of step S38-5. 
[0370] In; step S38-2, the content key data Kc and the 
partially disclosing parameter data 199 read from the 

10 work memory 200 are output to the AN compression/ 
decompression SAM 163 shown in Fig. 22. Simultane- 
ously, after performing mutual authentication between 
the mutual authentication unit 170 of the SAM 105^ and 
a mutual authentication unit 220 of the /W compres- 

15 sion/decompression SAM 1 63, the content key data Kc 
and the partially disclosing parameter data 199 are en- 
crypted and decrypted by using the session key data 

•^SES- 

[0371] In step S38-3, upon receiving the internal in- 
20 terrupt S810 indicating the demonstration mode from 
the host CPU 810, the CPU 1100 outputs the content 
file CF stored in the download memory 1 67 to the A/V 
compression/decompression SAM 1 63 shown in Fig. 22 
via the /VV compression/decompression SAM manager 
25 184. 

[0372] Simultaneously, mutual authentication for the 
contentfile CF is conducted between the mutual authen- 
tication unit 1 70 and the medium SAM 1 67a of the down- 
load memory 1 67, and the content file CF is encrypted 

30 and decoded with the session key data Kqes- Also, mu- 
tual authentication for the content file CF is performed 
between the mutual authentication unit 1 70 and the mu- 
tual authentication unit 220, and the content file CF is 
encrypted and decoded with the session key data KgEg. 

35 [0373] The content f lie CF is decoded with the session 
key data KsEs in a decoder 221 of the A/V compression/ 
decompression SAM 163 shown in Fig. 22, and is then 
output to a decoder 222. 

[0374] Then, in step S38-4, the decoded partially dis- 

40 closing parameter data 199 Is output to a partially dis- 
closing processor 225 of the A/V compression/decom- 
pression SAM 1 63, and the content data C is decoded 
in a partially disclosing state by the decoder 222 using 
the content key data Kc under the control of the partially 

45 disclosing'processor 225. 

[0375] The partially disclosed decoded content data 
C is decompressed in a decompression unit 223, and is 
outputto a digital-watermark information processor224. 
[0376] In the digital-watermark information processor 

50 224, the user digital information data 1 96 is embedded 
into the content data C, and then, the content data C is 
played back in the playback module 1 69 so as to output 
sound corresponding to the content data C. 
[0377] The digital-watermark information processor 

55 224 also detects the digital watermark information em- 
bedded in the content data C, and determines whether 
the processing should be discontinued based on the de- 
tection result. 
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[0378] In step S38-5, when the user detennines the 
purchase mode by operating the operation unit 165, the 
internal interrupt S810 corresponding to the determined 
purchase mode Is output from the host CPU 81 0 to the 
SAIVI 105^. 

[0379] Subsequently, in step S38-6, the accounting 
processor 1 87 of the SAM 1 05^ creates the usage log 
data 108 and the UCS data 1 66 according to the deter- 
mined purchase mode, and writes the usage log data 
1 08 to the external memory 201 via the external memory 
manager 811 and also writes the UCS data 166 to the 
work memory 200. 

[0380] Thereafter, the usage monitor 186 controls 
(monitors) the situation to make sure that the purchase 
and use of the content are controlled within the condi- 
tions allowed by the UCS data 1 66. , 
[0381 ] In step S38-7, a new key file KF^ shown In Fig. 
39C, which is discussed below, is created, and is stored 
in the download memory 1 67 or another memory via the 
download memory manager 1 82. 
[0382] The UCS data 1 66 stored in the key file KF^ is 
encrypted, as shown in Fig. 39C, with the storage key 
data Kg-pR and medium key data K]^eq by utilizing the 
CBC mode of the DES. 

[0383] The storage key data K^jf^ Is data determined 
by the type of machine, such as a super audio compact 
disc (SACD) machine, a digital versatile disc (DVD) ma- 
chine, a compact disc recordable (CD-R) machine, or a 
mini disc (MD) machine, and is used for corresponding 
one type of machine to one type of recording medium. 
The medium key data K^ed data unique to the record- 
ing medium. 

[0384] In step S38-B, in the signature processor 1 89, 
the hash value H^^ of the key file KF., is created by using 
the private key data Kg^^LS of the SAM lOS^, and is 
written Into the work memory 200 in correspondence 
with the key file KF^. The hash value H^i is used for 
verifying the integrity of the key file KF^ and'the Identity 
of the creator of the key file KF^. 
[0385] In sending the content data C with the pur- 
chase mode determined online or via a recording medi- 
um, a secure container 1 04p is created, as- Illustrated in 
Figs. 39A through 39D, which stores the key file KF-, and 
hash value H^i therefor, the content file CF and signa- 
ture data SIGg^cp therefor, the key file KF and signature 
data SIG7 cp. the public-key certificate data CERqp and 
signature data SIG^ therefor, and public-key certif- 
icate data CERsy^^^^ and signature datia SIGgggsc 
therefor. 

[0386] As discussed above, upon determining the 
purchase mode of the secure container 1 04p, the UCS 
data 166 is created and Is stored in the work memory 
200. If the purchase mode of the same secure container 
104p is re-determined In the SAM 105^, the UCS data 
1 66 stored in the work memory 200 Is updated accord- 
ing to the external interrupt (operation signal) SI 65. 
[0387] Then, In step S38-9, the CPU 1100 checks 
whether the above-described purchase-mode deter- 
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mining processing has been correctly executed, and re- 
ports the corresponding Information to the host CPU 810 
via an external interrupt. 

[0388] Alternatively, the CPU 1100 may set a flag in 

5 the SAM status register indicating whether the above- 
described purchase-mode determining processing has 
been correctly executed, in which case, the host CPU 
810 reads the flag by polling. 



[0389] A description Is given below, with reference to 
Fig. 40, of the process for playing back the content data 
C, for which the purchase mode is determined, stored 
15 in the download memory 1 67, 

[0390] This processing is executed, assuming that the 
UCS data 1 66 Is stored In the work memory 200 by the 
aforementioned purchase-mode determining process- 
ing. 

20 [0391] In step S40-0, the CPU 1100 of the SAM 105i 
shown In Fig. 37 receives the internal interrupt S810 in- 
dicating an instruction to play back the content from the 
host CPU 810. 

[0392] In step S40-1 , the UCP data 1 66 is read from 

25 the work memory 200 to the usage monitor 1 86, and the 
usage monitor 186 interprets and verifies the playback 
conditions described in the UCP 166, and monitors the 
situation so that the subsequent playback operation Is 
performed based on the UCP data 165. 

30 [0393] Then, in step S40-2, mutual authentication is 
performed between the mutual authentication unit 170 
shown in Fig. 37 and the mutual authentication unit 220 
of the A/V compression/decompression SAM 163 
shown in Fig. 22, and the session key data Kg^s 

35 shared therebetween. 

[0394] In step S40-3, the playback conditions Inter- 
preted and verified in step S40-1 and the content key 
data Kc read from the work memory 200 are encrypted 
by using the session key data Kses obtained in step 

40 S40-2, and are output to the A/V compression/decom- 
pression SAM 163. 

[0395] Accordingly, the playback conditions and the 
content key data Kc are decoded with the session key 
data Kses '"^ decoder 221 of the A/V compression/ 

45 decompression SAM 163 shown In Fig. 22. 

[0396] Subsequently, In step S40-4, the content file 
CF read from the download memory 167 is encrypted 
by using the session key data Kg^g. and is then output 
to the A/V compression/decompression SAM 163. 

50 [0397] Accordingly, the content file CF is decoded 
with the session key data Kg^g 'ri the decoder 221 of 
the /W compression/decompression SAM 163. Subse- 
quently, the content data C within the content file CF is 
decompressed in the decompression unit 223 of the A/ 

55 V compression/decompression SAM 163, and the user 
digital watermark information is embedded into the de- 
compressed content data C in the digital-watermark in- 
formation processor 224. Then, the content data C is 
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played back in the playback module 169. 
[0398] In step S40-5, the DCS data 1 66 read in step 
S40-1 is updated if necessary, and the updated UCS 
data 1 66 is again written into the work memory 200. The 
usage log data 1 08 stored in the external memory 201 
is updated or newly created. 

[0399] The CPU 1 1 00 then determines in step S40-6 
whether the content playback processing has been cor- 
rectly performed, and reports the result to the host CPU 
810 through an external interrupt. 
[0400] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the content 
playback processing has been correctly performed, and 
the host CPU 81 0 may read the flag by polling. 

Processing to be executed when the USC data 1 66 of 
one machine is utilized for re-purchasing the content in 
another machine 

[0401] After detennining the purchase mode of the 
content file CF downloaded into the download memory 
167 of the network device 1601 , a new secure container 
1 04x storing the content file CF is created, as shown in 
Fig. 41 , and is transferred to the SAM lOSg of the AN 
machine 1 eOg via the bus 191 . The processing to be ex- 
ecuted in the SAM 105i in the above-described opera- 
tion is discussed below with reference to Figs. 42 and 
43. 

[0402] The processing shown in Fig. 43 is executed, 
assuming that the key file KF^ and the hash value H^i 
shown in Fig. 44C are stored in the work memory 200 
of the SAM 105-1 by the above-described purchase 
processing. 

[0403] In step S43-1, according to the user's opera- 
tion performed on the operation unit 1 65, the CPU 11 00 
of the SAM 105^ shown in Fig. 42 receives the internal 
interrupt S810 indicating an Instruction to transfer the 
secure container 1 04x, for which the purchase mode is 
detennined, to the SAM 1 0Sg. Accordingly the account- 
ing processor 187 updates the usage log data 108 
stored in the external memory 201 . 
[0404] Then, in step 843-2, the SAM 1 05^ checks the 
SAM registration list, which is discussed below, to verify 
the official registration of the SAM 1052, which is to re- 
ceive the secure container 104x. If so, the SAM 105^ 
perfonns the processing of step S43-3. The SAM 105^ 
also detemnines whether the SAM 1052 ^ within 
the home network. 

[0405] In step S43-3, the mutual authentication unit 
170 shares the session key data Kses obtained after 
perfonning mutual authentication with the SAM 1052- 
[0406] In step S43-4, the SAM manager 1 90 reads the 
content file CF and the signature data SIGg^cp shown in 
Fig. 39A from the download memory 211 , and controls 
the signature processor 189 to accordingly create sig- 
nature data SIG41 SAM1 '^y "Sing the private key data 
KsAMi of the SAm 'i05i. 

[0407] Then, in step 843-5, the SAM manager 190 



reads the key file KF and the signature data SIG7 op 
shown In Fig. 39B from the download memory 211 , and 
controls the signature processor 1 89 to accordingly cre- 
ate signature data SIG42_sami using the private key 
5 data KsAMi the SAM Vos^. 

[0408] Thereafter, in step S43-6, the SAM manager 
190 creates the secure container 1 04x shown in Figs. 
44A, 44B, and 44C. 

[0409] In step S43-7, the secure container 1 04x is en- 

10 crypted with the session key data K3E3 obtained in step 
S43-3 in the encryption/decryption (decoding) unit 171 . 
[0410] Subsequently in step S43-8, the SAM manag- 
er 190 outputs the secure container 104x to the SAM 
1052 of the A/V machine I6O2 shown in Fig. 41. In this 

15 case, simultaneously with mutual authentication be- 
tween the SAM 105^ and the SAM 1052, mutual authen- 
tication for the lEEE-1394 serial bus 191 is perfomned. 
[0411] Then, in step S43-9, the CPU 1100 detennines 
whether the secure container 104x, for which the pur- 

20 chase mode is determined, has been correctly trans- 
ferred to the SAM 1 052- and reports the result to the host 
CPU 810 through an extemal interrupt. 
[0412] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the secure 

25 container 104x has been correctly transferred to the 
SAM 1 052, ^"cl the host CPU 81 0 may read the flag by 
polling. 

[0413] A description is now given, with reference to 
Figs. 45, 46, and 47, of the process executed within the 
30 SAM 1052 when the secure container 104x shown in 
Figs. 44A through 44D received from the SAM 105^ is 
written into the recording medium (RAM) 1304(Fig. 14), 
as illustrated in Fig. 41 . 

[041 4] Figs. 46 and 47 are a flow chart illustrating the 

35 above-described process. 

[0415] As shown in Figs. 14 and 41 , the recording me- 
dium (RAM) 1304has the unsecured RAM area 134, the 
medium SAM 133, and the secure RAM area 132. 
[0416] Referring to Fig. 46, in step S46-0, the CPU 

40 1 1 00 shovyn In Fig. 45 receives, from the host CPU 81 0 
of the network device 1 6O2 shown in Fig. 41 , the internal 
interrupt S81 0 indicating an instruction to receive the se- 
cure container 1 04x from the network device 1 60^. 
[0417] In step S46-1 , the SAM 1 052 checks the SAM 

45 registration list to detemiine whether the SAM 105^, 
which sends the secure container 104x, is officially reg- 
istered. If so, the SAM 1 062 performs the processing of 
step S46-2. The SAM 1052 checks whether the 
SAM 1 05i is a SAM within the home network. 

50 [0418] In response to the processing of the above-de- 
scribed step S43-3 shown in Fig. 43, the SAM lOSg 
shares the session key Kses acquired by performing 
mutual authentication with the SAM 105^. 
[0419] In step S46-3, the SAM manager 190 of the 

55 SAM 1 052 receives, as shown in Figs. 41 and 45, the 
secure container 104x from the SAM 105-| of the net- 
work device IBO^. 

[0420] In step S46-4, the encryption/decryption (de- 
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coding) unit 171 of the SAM 1052 decodes the secure 
container 104x received via the SAM manager 190 by 
using the session key data Kses obtained in step S46-2. 
[0421] Then, in step 846-5, the content fife CF within 
the secure container 104x decoded by the session key 
data K3E3 undergoes processing in the medium drive 
SAM manager 855 shown in Fig. 45, such as sectoriz- 
ing, adding a sector header, scrambling, error-correct- 
ing code (ECC) encoding, modulating, and synchroniz- 
ing, and is then stored in the RAM area 134 of.the re- 
cording medium (RAM) 13O4, 

[0422] In step S46-6, the signature data SIGg Qp and 
SIG^ 

1.SAM1- signature data 

SIG7CP and SIG42 SAM1. ^"cl the key file KF^ and the 
hash value thereof H^i, the public key signature data 
CERcp find the signature data SIG^ therefor, and 
the public key signature data CERsami signa- 
ture data SIG22 ESC therefor within the secure container 
104x all of which are decoded with the session key data 
^SES- written into the work memory 200. 
[0423] Subsequently, in step S46-7, the signature 
processor 189 verifies the integrity of the public-key cer- 
tificate data CERqp and CER3AM1 using the public 
key data K^pp read from the storage unit 192. The sig- 
nature processor 1 89 also checks the integrity of the sig- 
nature data SIGqqp by using the public key data Kqpp 
stored in the public-key certificate data CERsamt 
to verify the Integrity of the creator of the content file CF. 
The signature processor 189 also checks the integrity 
of the signature data SIG41 sami using the public key 
data KsAMLP stored in the public-key certificate data 
CERsami so as to verify the integrity of the sender of 
the content file CF. 

[0424] In step S46-8 , the signature processor 1 89 ver- 
ifies the integrity of the signature data SIGycp ^nd 
SIG42, 

SAM1 Stored in the work memory 200 by using the 
public key data Kcp and Ksami.p so as to verify the send- 
er of the key file KR 

[0425] Further, in step S46-9, the signature processor 
189 checks the integrity of the signature dataSIG^^^ ^sc 
stored in the key file KF shown In Fig. 44B by using the 
public key data Kggc.p ^^^^ ^^^^ storage unit 192, 
thereby making it possible to verify the crea[torof the key 
file KF. 

[0426] Referring to Fig. 47, in step S46-1 0, the signa- 
ture processor 1 89 checks the integrity of the hash value 
H^^ so as lo verify the integrity of the creator and the 
sender of the key file KF-, . 

[0427] In this example, the creator and the sender of 
the key file KF^ are the same. However, if they are dif- 
ferent, signature data for both the creator and the sender 
are created, and the signal processor 189 verifies the 
integrity of both the signature data. 
[0428] In step S46-1 1 , the usage monitor 1 86 controls 
the purchase and usage modes of the content data C 
by using the UCS data 166 stored in the" key file KF^ 
decoded in step S46-10. 

[0429] In step S46-12, upon determining the pur- 



chase mode by operating the operation unit 165 by the 
user, the CPU 1100 of the SAM lOSg receives the cor- 
responding internal inten'upt S81 0. 
[0430] In step S46-13, the accounting processor 1 87 

5 updates the usage log data 1 08 stored in the external 
memory 201 under the control of the CPU 1100. The 
accounting processor 187 also updates the UCS data 
166 every time the purchase mode of the content data' 
is determined. In this case, the UCS data 1 66 of the 

10 sender SAM Is discarded. 

[0431] Then, in step S46-14, the encryption/decryp- 
tion (decoding) unit 173 of the SAM 1062 encrypts the 
UCS data 1 66 generated in step S46-12 by sequentially 
using the storage key data Kstr> the medium key data 
^^MED> the purchase key data Kpj^ read from the 
storage unit 192, and outputs the encrypted UCS data 
166 to the medium drive SAM manager 855. 
[0432] In step S46-15, the medium drive SAM man- 
ager 855 executes processing, such as sectorizing, 

20 adding a sector header, scrambling, ECC encoding, 
modulating, and synchronizing, on the key file KF^ hav- 
ing the updated UCS data 166, and stores it in the se- 
cure RAM area 132 of the recording medium (RAM) 
I3O4. 

25 [0433] The medium key data K|^eo already been 
stored in the storage unit 1 92 by mutual authentication 
between the mutual authentication unit 1 70 of the SAM 
1062 shown in Fig. 45 and the medium SAM 133 of the 
recording medium I3O4 shown in Fig. 41. 

30 [0434] The storage key data \<^stb ^^ta determined 
by the type of machine (in this example, the AA/ machine 
I6O2), such as a SACD machine, a DVD machine, CD- 
R machine, or an MD machine, and is used for corre- 
sponding one type of machine to one type of recording 

35 medium. A SACD and a DVD have the same physical 
structure of a disk medium. Accordingly, data on a 
SACD can be recorded and played back by using a DVD 
machine, in which case, the storage key data Ksjr 
serves the function of preventing illegal copying. In this 

40 embodiment, encryption with the use of the storage key 
data KsTR nnay not be performed. 
[0435] The medium key data K(^ed '® ^^^^ unique to 
the recording medium (in this example, the recording 
medium (RAM) 13O4). 

45 [0436] The medium key data K|^ed stored in a stor- 
age medium (in this example, the storage medium 
(RAM) 13O4 shown in Fig. 41), and encryption and de- 
cryption is preferably performed by using the medium 
key data K^^ed the medium SAM of the recording me- 

50 dium In terms of the security. In this case, if the recording 
medium is provided with a medium SAM, the medium 
key data K^ed 's stored in the medium SAM. and if not, 
the medium key data K^^^q is stored within the RAM ar- 
ea, i.e., an area (not shown) outside the control of the 

55 host CPU 810. 

[0437] As in this embodiment, mutual authentication 
may be performed between the SAM 1 052 the me- 
dium SAM (in this example, medium SAM 133), and 
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then, the medium key data K^ed "^^V t>e transferred to 
the SAM 1052 via a secure communication path, and 
encryption and decryption may be performed In the SAM 
1052 by using the medium key data Ki^ed* 
[0438] In this embodiment, the storage key data Kstr 
and the medium key data K^^ed 'Jsed for pro- 

tecting the security of the physical layer of the recording 
medium. 

[0439] The purchaser key data Kpi^ is data indicating 
the purchaser of the content file CF, and if the content 
is purchased in the "sell through" mode, the purchaser 
key data Kp,N is assigned to the userfromthe EMD serv- 
ice center 1 02. The purchaser key data Kpi^ Is managed 
by the EMD service center 102. 
[0440] In step S46-1 6, the key file KF Is read from the 
work memory 200, and is written into the secure RAM 
area 132 of the recording medium (RAM) 13O4 by the 
medium drive SAM 260 shown in Fig. 41 via the medium 
drive SAM manager 855. 

[0441] In step S46-1 7, the CPU 11 00 of the SAM 1052 
reports the result of the processing for the received se- 
cure container 1 04x to the host CPU 81 0 through an ex- 
terna! interrupt. 

[0442] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the above- 
described processing has been correctly performed, 
and the host CPU 81 0 may read the flag by polling. 
[0443] In the above-described embodiment, the key 
files KF and KF^ are recorded on the secure RAM area 
132 of the recording medium (RAM) I3O4 viathe medi- 
um drive SAM 260. However, the key files KF and KF^ 
may be recorded on the medium SAM 1 33 from the SAM 
1052, Indicated by the one-dot chain line in Fig. 41 . 
[0444] In the aforementioned embodiment, the se- 
cure container 104x Is sent from the SAM 105^ to the 
SAM lOSg. However, the content file CF and the UCP 
data 1 06 may be sent from the network device 1 60-, to 
the AA/ machine IO62 under the control of the host 
CPUs of the network device IO61 and the AA^ machines 
IO62. In this case, the UCS data 166 and the content 
key data Kc are sent from the SAM 105^ to the SAM 
1052- 

[0445] As a modification to the above-described em- 
bodiment, the purchase mode is determined in the SAM 
1 05-, , and the SAM 1 065 uses the UCS data 1 66 without 
detennining the purchase mode. In this case, the usage 
log data 108 is created only in the SAM 105^, but not in 
the SAM lOSg. 

[0446] In purchasing the content data C, for example, 
an album consisting of a plurality of content data C may 
be purchased. In this case, the plurality of content data 
C may be provided by different content providers 101 
(in the second embodiment, which is described below, 
the plurality of content data C may be provided by dif- 
ferent service providers 310). Alternatively, part of the 
content data C forming an album may be initially pur- 
chased, and later, the remaining content data C may be 
gradually purchased. As a result, the whole album Is 



purchased. 

[0447] Fig. 48 illustrates examples of various pur- 
chase modes of the content data C. 
[0448] The network device I6O1 purchases the con- 
5 tent data C which has been received from the content 
provider 1 01 by using the UCP data 1 06, and generates 
UCS data lis6a. 

[0449] Sirnilarly, the AA/ machine 1 6O2 purchases the 
content data C which has been received from the con- 

10 tent provider 101 to the network device 160., by using 
the UCP data 106, and generates UCS data 166b. 
[0450] The AA/ machine 1 6O3 copies the content data 
C purchased by the AN machine 1 6O2. and detemnines 
the usage mode by using the UCS data 1 66b created in 

15 the A/V machine I6O2. As a result, UCS data 166c is 
generated in the A/V machine I6O3. The A/V machine 
I6O3 also creates usage log data 108b from the UCS 
data 166c. , 

[0451 ] The network device 1 6O4 receives the content 
20 data C which has been received from the content pro- 
vider 101 to the network device 160.| and determined 
the purchase mode in the network device 1 60-, , and then 
determines the purchase mode by using the UCS data 
1 66 created by the network device 1 60., . As a result, the 
25 UCS data 166a is generated in the A/V machine I6O4, 
and usage log data lOBa is also created from the UCS 
data 166a. 

[0452] The UCS data 166a, 166b, and 166c are re- 
spectively encrypted in the AV machines I6O4, leOg, 
30 and 1 6O3 by using the storage key data Kstr unique to 
the machine and the medium key data K|^ed unique to 
the recording medium, and are recorded on the corre- 
sponding recording media. 

[0453] In this embodiment, the user pays for licensing 
35 rights for the content data C rather than for property 
rights. The! copying of the content data contributes to 
promotion *of the content, and also satisfies the de- 
mands of the right holders of the content data in view of 
expediting the sale. 

40 

Processing for determining the purchase mode of 
content data on a recording medium (ROM) 

[0454] As shown in Fig. 49, the recording medium 
45 (ROM) 130^ shown In Fig. 11 which stores the content 
and for which the purchase mode Is still undetemnined 
is distributed offline to the A/V machine I6O2 via a user 
home network 103, and the A/V machine I6O2 deter- 
mines the purchase mode. This processing is discussed 
50 below with reference to Figs. 50 and 51 . 

[0455] Referring to Fig. 51, In step S51-0, according 
to the usei's operation performed on the operation unit 
165, the CPU 1100 of the SAM lOSg shown in Fig. 50 
receives the internal interrupt S810 indicating an in- 
55 structlon to detemnlne the purchase mode of the content 
distributedVia a recording medium (ROM). 
[0456] Ir^ step S51 -1 , after performing mutual authen- 
tication between the mutual authentication unit 170 
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shown in Fig. 50 and the medium SAM 133 of the re- 
cording medium (ROM) 130^ shown in Fig. 11 , the SAM 
1052 receives the medium key data K^ed ^^^^ the me- 
dium SAM 133. If the SAM 1052 already has the medium 
key data K^ed stored therein, it is not necessary to re- 
ceive the medium key data K^^ed- 
[0457] Then, in step S51-2, the key file KF and the 
signature data SIG7 cp therefor, and the public-key cer- 
tificate data CERcp and the signature data SIG^ ^sc 
therefor, which are shown in Figs. 3B and 3C, stored in 
the secure container 1 04 recorded on the secure RAM 
area 132 of the recording medium (ROM) 130^, are writ- 
ten into the work memory 200 via the medium drive SAM 
manager 855. 

[0458] In step 851 -3, after verifying the integrity of the 
signature data SIG^ esc> signature processor 189 
extracts the public key data KQpp from the public-key 
certificate data CERcr, and verifies the Integrity of the 
signature data SIGy cp, i e., the sender of the key file 
KF, by using the public key data K^pp. 
[0459] The signature processor 189 also verifies the 
integrity of the signature data SIG^i^esc stored in the 
key file KF, I.e., the creator of the key file KF, by using 
the public key data K^g^p read from the storage unit 
192. ' ; 

[0460] Subsequently, in step S51 -4, after verifying the 
integrity of the signature data SIGy cp and'SIG^i ^qq in 
the signature processor 1 89, the key file KF is read from 
the work memory 200 and written into the encryption/ 
decryption (decoding) unit 172. 

[0461] Then, the encryption/decryption (decoding) 
unit 172 decrypts (decodes) the content key data Kc, 

the UCP data 1 06, and the SAM program download con- 
tainers SDC^ through SDC3 stored in the key file KF by 
using the license key data KD^ through KD3 of corre- 
sponding periods, and writes them into the work mem- 
ory 200, 

[0462] In step S51 -5, after conducting mutual authen- 
tication between the mutual authentication unit 170 
shown in Fig. 50 and the AA/ compression/decompres- 
sion SAM 163 shown in Fig. 49, the AA/ compression/ 
decompression SAM manager 1 84 of the SAM I5O2 out- 
puts the content key data Kc stored in the work memory 
200, the partially disclosing parameter data 199 stored 
in the UCP data 1 06, and the content data C stored In 
the content file OF read from the ROM area 131 of the 
recording medium (ROM) 1 30^ to the /W compression/ 
decompression SAM 163 shown in Fig. 49. 
[0463] Then, the /W compression/decompression 
SAM 1 63 decodes and decompresses the content data 
C in the partially disclosing mode by using the content 
key data Kc, and outputs it to the playback module 270. 
The content data C is then played back in the playback 
module 270. 

[0464] Thereafter, In step S51-6, the purchase mode 

of the content is determined according to the user's op- 
eration of the operation unit 165 shown in Fig. 49, and 
the internal Interrupt S810 indicating the determined 
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purchase mode is output to the CPU 1 1 00 of the SAM 
lOSg. 

[0465] In step S51-7, the accounting processor 187 
creates the UCS data 166 according to the operation 

5 signal SI 65 and writes it into the work memory 200. 
[0466] In step S51 -8, the content key data Kc and the 
UCS data 1 66 are output from the work memory 200 to 
the encryption/decryption (decoding) unit 173. 
[0467] The encryption/decryption (decoding) unit 1 73 

10 then sequentially encrypts the content key data Kc and 
the UCS data 166 by using the storage key data Ksjr. 
the medium key data K|^ed, and the purchaser key data 
KpiN read from the storage unit 192, and writes them 
into the work memory 200. 

15 [0468] In step S51 -9, the medium SAM manager 1 97 
creates the key file KF^ shown in Fig. 44C from the en- 
crypted content key data Kc, the UCS data 1 66, and the 
SAM program download containers SDC^ through 
SDC3 read from the work memory 200. 

20 [0469] In the signature processor 189, the hash value 
H^-j of the key file KF^ shown in Fig. 44C is created, and 
is output to the medium drive SAM manager 855. 
[0470] After conducting mutual authentication be- 
tween the mutual authentication unit 170 shown In Fig. 

25 50 and the medium SAM 1 33 shown in Fig. 49, the me- 
dium drive SAM manager 855 writes the key file KF^ and 
the hash value Hi^^ to the secure RAM area 132 of the 
recording medium (ROM) 130^ via the medium drive 
SAM 260 shown in Fig. 49. As a result, the recording 

30 medium 130^, for which the purchase mode is deter- 
mined, Is obtained. 

[0471 ] Simultaneously, the UCS data 1 66 and the us- 
age log data 108 created by the accounting processor 
187 are appropriately sent from the work memory 200 
35 and the external memory 201 , respectively, to the EMD 
service center 1 02. 

[0472] If the key file KF is stored In the medium SAM 
133 of the recording medium (ROM) 1301, the SAM 
1062 receives the created key file KFi from the medium 

40 SAM 133, as indicated by the one-dot chain line in Fig. 
49. In this case, the SAM 1 0Sg writes the created key 
file KF^ into the medium SAM 133. 
[0473] In step S51 -10, the CPU 1 1 00 of the SAM 1 0Sg 
detemnines whether the processing for determining the 

45 purchase mode of the content distributed via the above- 
described recording medium (ROM) has been correctly 
performed, and reports the result to the host CPU 810 
through an external interrupt. 

[0474] Alternatively, the CPU 1100 may set a flag in 
so the SAM status register indicating whether the above- 
described processing has been correctly performed, 
and the host CPU 810 may read the flag by polling. 

Processing for writing content data into a recording 
55 medium (RAM) after the purchase mode of the content 
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data in a recording medium (ROM) has been 

determined 



[0475] As shown In Fig. 52. the secure container 1 04, 
for which the purchase mode Is still undetemnlned, Is 
read from the recording medium (ROM) 1 30^, and a new 
secure container 104y is created in the AA/ machine 
I6O3 and is transferred to the A/V machine I6O2. The 
purchase mode of the secure container 104y is deter- 
mined in the AA/ machine 1 eOg, and the secure contain- 
er 104y is written into the recording medium (RAM) 
13O5. The flow of this process is described below with 
reference to Figs. 53, 54, and 55. 
[0476] it should be noted that the transfer of the se- 
cure container 1 04y from the recording medium (ROM) 
130i to the recording medium (RAM) I3O5 may be per- 
formed among any of the network device 160^ and the 
AA/ machines I6O2 through I6O4 shown in Fig. 1 . 
[0477] Referring lo the flow chart of Fig. 55, In step 
S55-0. according to the user's operation perfomned on 
the operation unit 165, the CPU 1100 shown in Fig. 53 
receives the internal interrupt S810 indicating an in- 
struction to transfer the secure container 1 04, for which 
the purchase mode is still undetermined, read from the 
recording medium (ROM) 130^ to the SAM 1062. 
[0478] In step S55-1 , the SAM 1063 checks the SAM 
registration list so as to determine whether the SAM 
1 052, which is to receive the secure container, is official- 
ly registered. If so. the SAM 1063 perfomns processing 
of step S55-2- The SAM 1053 also checks whether the 
SAM 1052 is a SAM within the home network. 
[0479] Then, in step S55-2, mutual authentication is 
perfomned between the SAM IO53 and the SAM 1052 
so as to share the session key data Kses- 
[0480] In step S55-3. mutual authentication is con- 
ducted between the SAM 1 053 of the AA/ machine I6O3 
and the medium SAM 133^ of the recording medium 
(ROM) 130i, and the medium key data K^^ed^ of the re- 
cording medium 130-, is transferred to the SAM 1063. 
[0481] If encryption using the medium key data K|^ED1 
is performed in the medium SAM 133., of the recording 
medium (ROM) 130^, the medium key data K^edi 
transferred to the SAM 1 063. 

[0482] Then, in step S55-4, mutual authentication is 
performed between the SAM lOSg of the AA/ machine 
1 6O2 and the medium SAM 1 335 of the recording medi- 
um (RAM) I3O5, and the medium key data K^Eoa 
recording medium I3O5 Is transferred to the SAM 1052- 
[0483] If encryption using the medium key data Kmed2 
is perfomned in the medium SAM I335 of the recording 
medium (RAM) 13O5, the medium key data Ki^eD2 's not 
transferred to the SAM 1 0Sg. 

[0484] In step S55-5, as shown in Fig. 53, the SAM 
1053 reads the content file OF and the signature data 
SIGq^cp ^''o^ ^^^^ recording medi- 

um (ROM) 130i via the medium drive SAM manager 
855, and outputs them to the SAM manager 1 90 and 
also controls the signature processor 189 to create the 



* signature data SIGggo^sAMS by using the private key data 

KsAMS.S- 

[0485] In step S55-6, as shown in Fig. 53, the SAM 
1053 reads the key file KF and the signature data 

5 SIGy cp from the secure RAM area 132 of the recording 
medium (ROM) 130., via the medium drive SAM man- 
ager 855, and outputs them to the SAM manager 190 
and also controls the signature processor 1 89 to create 
the signature data SIG352,sam3 by using the private key 

10 data KgAMsis- 

[0486] Then, In step S55-7. in the SAM 1 053, the pub- 
lic-key certificate data CERsams^'^c' signature data 
SIG351 Esc '^'*® ^^^^ storage unit 192 to the 
SAM nrianager 190. 

15 [0487] In; step S55-8, the secure container 104y 
shown in Figs. 54A through 54D is created in, for exam- 
ple, the SAM manager 190 of the SAM IO53. 
[0488] In [step S55-9, the encryption/decryption (de- 
coding) unit 171 of the SAM IO53 encrypts the secure 

20 container 1 04y by using the session key data Kses 
tained in step S55-2. 

[0489] Thereafter, in step S55-1 0, the secure contain- 
er 1 04y is sent from the SAM manager 1 90 of the SAM 
1 063 to the; A/V machine 1 SOg. 

25 [0490] Then, the CPU 1100 of the SAM 1063 deter- 
mines whether the above-described processing has 
been properly performed, and reports the result to the 
host CPU 81 0 through an external interrupt. 
[0491] Alternatively, the CPU 1100 may set a flag in 

30 the SAM status register Indicating whether the above- 
described processing has been properly executed, and 
the host CPU 810 may read the flag by polling. 
[0492] In-the SAM 1 052= underthe control of the CPU 
1100 according to the internal interrupt .S810 from the 

35 host CPU 81 0, as shown In Fig. 57, the secure container 
104y shown in Figs. 54A through 54D input from the 
SAM 1 053 via the SAM manager 1 90 is decoded in the 
encryption/decryption (decoding) unit 171 by using the 
session key data Kses- 

40 [0493] Then, in step S55-11 , the key file KF and the 
signature data SIG7 cp and SIGssq.sams. ^he public-key 
certificate ;data CERsams and the signature data 
SIG351 Esd. public-key certificate data CERcr 

and the signature data SIG^ esc within the secure con- 

45 tainer 1 04y are written Into the work memory 200. 

[0494] In step S55-1 2, the signature processor 1 89 of 
the SAM l;052 verifies the signature data SIGg cp ^^id 
SIG350 SAM3 stored In the secure container 1 04y, i.e., the 
Integrity of the creator and the sender of the content file 

50 CF. 

[0495] Then, in step S55-13, the content file CF is writ- 
ten into the RAM area 134 of the recording medium 
(RAM) I3O5 via the medium drive SAM manager 855. 
The content file CF may be directly written into the RAM 
55 area 134 of the recording medium (RAM) I3O5 without 
the SAM 1052 under the control of the host CPU 81 0. 
[0496] Subsequently, in step S55-14, the signature 
processor'l 89 checks the signature of the signature da- 
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ta SIG35^ ECS so as to verify the integrity of the public- 
key certificate data CERsams, and then verifies the in- 
tegrity of the signature data SIG7 cp. SIG352,sam3« 
S IG^i ESC- ' ■ ' integrity of the creator and the send- 
er of the key file KF, by using the public key data Ksam3 
and the public key data K^scp stored in the public-key 
certificate data CERsams- 

[0497] Thereafter, in step S55-15, the key file KF is 
read from the work memory 200 into the encryption/de- 
cryption (decoding) unit 172, and is decoded with the 
license key data KD^ through KD3 and is again written 
into the work memory 200, 

[0498] In step S55-16, the UCP data 106 of the de- 
coded key file KF stored in the work memory 200 is out- 
put to the usage monitor 1 86. Then, the purchase mode 
and the usage mode are managed (monitored) in the 
usage monitor 186 based on the UCP data 106. 
[0499] In step S55-17, by the user's operation on the 
operation unit 165 shown in Fig. 52, the purchase and 
usage modes of the content are determined, and the 
corresponding internal interrupt S810 is .output to the 
CPU 1 1 00 of the SAM 1 0Sg. 

[0500] In step S55-1 8, the UCS data 1 66 and the us- 
age log data 1 08 are created in the accounting proces- 
sor 187 based on the determined purchase and usage 
modes, and are written into the work memory 200 and 
the external memory 201 , respectively. The UCS data 
166 and the usage log data 1 08 are appropriately sent 
to the EMD service center 1 02. 

[0501] Then, in step S55-19, the content key Kc and 
the UCS data 1 66 are read from the work memory 200 
into the encryption/decryption (decoding);unit 173, and 
are sequentially encrypted by using the storage key data 
KsTR. the medium key data Kf^sD2^ purchaser 
key data Kpifg read from the storage unit 1 92. The en- 
crypted data are then output to the medium SAM man- 
ager 197. The key file KF is also output from the work 
memory 200 to the medium SAM manager 197, 
[0502] In step S55-20, the key file KF-, shown in Fig. 
44C is generated in the medium SAM manager 1 97, and 
is written into the medium SAM 1885 of the recording 
medium (RAM) 1 3O5 viathe medium SAM manager 1 97. 
ThekeyfileKF is also written into the medium SAM 1885 
of the recording medium (RAM) I3O5 via the medium 
SAM manager 197. 

[0503] In step S55-21 . the CPU 11 00 of the SAM 1 0Sg 
determines whether the above-described processing 
has been precisely performed, and reports the result to 
the host CPU 81 0 through an external interrupt. 
[0504] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the afore> 
mentioned processing has been accurately performed, 
and the host CPU 810 may read the flag by polling. 
[0505] The implementation method of the SAMs 1 05^ 
through 1064 is as follows. ] 
[0506] In implementing the functions 'of the SAMs 
1 05., through 1 054 as hardware, an application specified 
IC (ASIC)-type CPU having a built-in mehory Is used, 



64 

and a security function module, a program module for 
performing content rights processing, and highly secret 
data, such as key data, are stored in the memory to im- 
plement the functions shown in Fig. 30. A series of rights 

5 processing program modules, such as an encryption li- 
brary module (public key encryption, common key en- 
cryption, a random-number generator, hash functions), 
a program module for restricting the use of the contents, 
an accounting program module, etc. are implemented 

10 as, for example, software. 

[0507] For example, a module, such as the encryp- 
tion/decryption (decoding) unit 171, is implemented as 
an IP core within an ASIC-type CPU as hardware in view 
of the processing rate. In terms of the performance, such 

15 as the clock rate or the CPU code system, the encryp- 
tion/decryption (decoding) unit 171 may be implement- 
ed as software. 

[0508] As the storage unit 1 92 and a memory for stor- 
ing program modules and data for implementing the 

20 functions shown in Fig. 30, a non-volatile memory (flash 
ROM) may be used, and a fast memory, such as an 
SRAM, may be used as the work memory. Or, a FeRAM 
may be employed as a memory integrated in the SAMs 
105^ through 1064. 

25 [0509] The SAMs 1 05^ through 1 064 also have a built- 
in timing function forchecking the time and date required 
to verify the effective period and contracting period for 
the usage of the content. 

[0510] As stated above, the SAMs 1 05^ through 1 064 
30 have a high tamper-resistance structure in which the 
program modules, the data, and the processing con- 
tents are shielded from an external source. Each SAM 
sets an address space which is invisible from the corre- 
sponding host CPU by using a memory management 
35 unit (MMU) for managing the memory address of the 
host CPU. With this arrangement, highly private pro- 
grams and the contents of data stored in the memory of 
the IC of each SAM, a group of registers relating to the 
system configuration of the SAM, an encryption library, 
40 and a group of registers of clocks can be protected from 
being read or written via a host CPU bus. That Is, the 
above-described data and programs of each SAM are 
protected from being in the address space assigned by 
the host CPU. 

45 [0511] The SAMs 105^ through 1064 are also resist- 
ant to physical attacks from an external source, such as 
X rays and heat. Additionally, even if real time debug- 
ging (reverse engineering) is performed by using a de- 
bugging tool (hardware in-circuit emulator (ICE) or soft- 

50 ware ICE), the processing content is invisible, or the de- 
bugging tool itself becomes unusable after manufactur- 
ing the IC. 

[0512] In terms of the hardware structure, the SAMs 
105i through 1064 are regular ASIC-type CPUs having 
55 a built-in memory, and the functions of the SAMs 1 05^ 
through 1 064 are dependent on the software which op- 
erates the CPU. However, the SAMs 1 05^ through 1 064 
are different from regular ASIC-type CPUs in that they 
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have a hardware structure provided with an encryption 
function and tamper resistance. 
[0513] On the other hand, there are two approaches 
to Implement all the functions of the SAMs 1 05i through 
1064 as software. One approach is to perform software 
processing within a totally shielded module having high 
tamper resistance. The other approach is to perfomn 
software processing in a host CPU installed in an ordi- 
nary machine, but in which the software processing Is 
very difficult to decode. In the first approach, the encryp- 
tion library module is stored in the memory as a regular 
software module rather than an intellectual property (IP) 
core, namely, it can be considered to be implemented 
as hardware. On the other hand, according to the sec- 
ond approach, tamper-resistant software is used, and 
even if the execution content is decoded by an ICE (de- 
bugger), the execution order of the tasks may be mean- 
ingless (in this case, the tasks are partitioned so that the 
single task is meaningful as a program so as not to in- 
fluence the preceding and following tasks), or the tasks 
themselves may be encrypted. That is, the functions are 
implemented as a task scheduler (MiniOS) for enhanc- 
ing the security. The task scheduler provided is embed- 
ded in a target program. 

[0514] Details of the AA/ compression/decompres- 
sion SAM 163 shown in Fig. 22 are given below, 
[0515] The A/V compression/decompression SAM 
163 includes, as shown in Fig. 22, the mutual authenti- 
cation unit 220, the decoders 221 and 222, the decom- 
pression unit 223. the digital- watermark information 
processor 224, and a partially disclosing processor 225. 
[0516] The mutual authentication unit 220 perfonns 
mutual authentication with the mutual authentication 
unit 170 of the SAM lOS^ shown in Fig. 30 when the A/ 
V compression/decompression SAM 163 receives data 
from the SAM 1 05^ , and generates the session key data 

"^SES- . ^ ^ 

[0517] The decoder221 decodes the content key data 

Kc, the partially disclosing parameter 1 99, the user dig- 
ital watermark information data 1 96, and the content da- 
ta C received from the SAM 105^ by using the session 
key data Kqes- The decoder 221 then outputs the de- 
coded content key data Kc and the content data C to the 
decoder 222, and outputs the decoded user digital wa- 
termark inf onnation data 1 96 to the digital-watermark In- 
formation processor 224, and also outputs the partially 
disclosing parameter 1 99 to the partially disclosing proc- 
essor 225. 

[051 8] The decoder 222 decodes the content data C 
in the partially disclosing state by using the content key 
data Kc under the control of the partially disclosing proc- 
essor 225, and outputs the decoded content data C to 
the decompression unit 223. The decoder 222 also de- 
codes the whole content data C with the content key da- 
ta Kc in the nonnal operating mode, i.e., the mode other 
than the partially disclosing mode. 
[0519] The decompression unit 223 decompresses 
the decoded content data C and outputs it to the digital- 



watermark information processor 224. The decompres- 
sion unit 223 decompresses the content data 0 by us- 
ing, for example, the AA/ decompression software 
stored In the content file CF shown In Fig. 3A. according 
5 to, for example, the ATRAC3 method. 

[0520] The dlgital-watemnark information processor 
224 embeds the user digital watemnark infomnation ac- 
cording to the decoded user digital watermark infomna- 
tion data 196 into the decoded content data C so as to 
10 create new content data C. The digital-watennark infor- 
mation processor 224 then outputs the newly created 
content data C to the playback module 1 69. 
[0521] In this manner, the user digital watermark in- 
formation is;embedded into the content data C by the A/ 
15 V compression/decompression SAM 163 when repro- 
ducing the content data C. 

[0522] In the present invention, it may be determined 
that the user digital watermark information data 196 is 
not embedded into the content data C. 
20 [0523] The partially disclosing processor 225 informs 
the decoder 222, based on the partially disclosing pa- 
rameter 1 99, which blocks are to be decoded and which 
blocks are not to be decoded. The partially disclosing 
processor 225 may control the partially disclosing mode 
25 by, for exarinple, restricting the playback functions for 
demonstration or limiting the penod for listening to the 
content for demonstration. 

[0524] The playback module 169 perfonns the play- 
back operation according to the decoded and decom- 
30 pressed content data C. 

[0525] Processing for registering the SAMs 105-, 
through 1 05^ In the EMD service center 102 when they 
are shipped is as follows. The same registration 
processing is perfomried in the SAMs 1 05^ through 1 064, 
35 and thus, only the registration of the SAM 105^ is dis- 
cussed below. 

[0526] When shipping the SAM 105-,, the following 
key data is 'registered in the storage unit 192 shown in 
Fig. 30 via a SAM manager 149 by a key server 1 41 of 
40 the EMD sen/ice center 1 02. 

[0527] When the SAM 1 05., is shipped, for example, 
a program used for the initial access by the SAM 105-, 
to the EMD;sen/ice center 1 02 is also stored in the stor- 
age unit 1 92. 

45 [0528] More specifically the SAM 1 05^ stores in Initial 
registration, for example, the identifier SAM_ID of the 
SAM 105^, the storage key data Kstr> the public key 
data K^.ca O^ ^^^^ certifying authority 92, the public 
key data K^sc p 0^ the EMD sen^ice center 1 02, the pri- 
50 vate key data Ksami .s ^^e SAM 1 051 , the public-key 
certificate data CERsami signature data there- 

for SIG22.ESC' source key data for creating the 

authentlciation key data between the AA/ compression/ 
decompression SAM 163 and the medium SAM, all of 
55 which have the symbol "*" attached on the left side of 
the data, as shown in Fig. 34. 
[0529] The public-key certificate data CERqami 
be sent from the EMD service center 102 to the SAM 
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105-1 when the SAM 105^ is registered after being 
shipped. 

[0530] In shipping the SAM 1 05^ , the file reader des- 
ignating the reading fomnat of the content file CF and 
the key file KF respectively shown in Figs. 3A and 3B is 
written into the storage unit 192 by the .EMD sen/Ice 
center 1 02. Then , in the SAM 1 05^ , the file reader stored 
In the storage unit 192 is used when reading the data 
stored in the content file CF and the key file KF. 
[0531] The public key data Kp.^^ of the root certifying 
authority 92 uses the River-Shannir-Adleman (RSA) al- 
gorithnn, which is often used in electronic connmerce on 
the Internet, and the data length Is, for example, 1024 
bits. The public key data Kp.^A is issued by the root cer- 
tifying authority 92 illustrated in Fig. 1 . 
[0532] The public key data Kgsc.p EMD sen/ice 
center 102 Is generated by the elliptic curVe cryptosys- 
tem, whose encryption strength is comparable to or 
higher than Ihe RSA. and the data length is only, for ex- 
ample, 160 bits. However, considering the encryption 
strength, the public key data K^scp desirably has 192 
bits or greater. The EMD service center 102 registers 
the public key data K^sq p in the root certifying authority 
92. 

[0533] The root certifying authority 92 creates the 
public-key certificate data CERgsc of the PjUblic key data 
Kesc.p- The public-key certificate data CER^sc storing 
the public key data K^gc p 's stored in the storage unit 
192 preferably when shipping the SAM 105.,. In this 
case, the public-key certificate data CEResc 's signed 
with the private key data Krqot.s the root certifying 
authority 92. 

[0534] The EMD service center 102 generates a ran- 
dom numbers© as to create the private key data Ks;^,^,., § 
of the SAM 105^ and also creates the public key data 
KsAMLpto form a pair with the private key data Ksami,s- 
[0535] The EMD service center 102 also acquires a 
certificate from the root certifying authority 92 so as to 
issue the public-key certificate data CERqami the 
public key data Ksami.r. and attaches signature data 
with the private key data K^scs °^ the. EMD service 
center 1 02. That is, the EMD service center 1 02 serves 
as a second certifying authority. 
[0536] The unique identifier SAMJD Is assigned to 
the SAM 105^ fronn the EMD service center 102 under 
the control of the EMD service center 102. The unique 
identifier SAM_ID is stored in the storage unit 192 and 
is also managed by the EMD service center 102. 
[0537] After being shipped, the SAM 1 05^ is connect- 
ed to the EMD service center 1 02 by, for example, a us- 
er, and is registered. Then, the license key data KD-| 
through KD3 are transferred from the EMD service cent- 
er 1 02 to the storage unit 1 92. 

[0538] That is, the user of the SAM 105., is required 
to register in the EMD service center 1 02} before down- 
loading the content. This registration is jDerformed of- 
fline, such as by mail, with a registration sheet attached 
to the machine (in this example, the network device 
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160^) on which the SAM 105^ is loaded by filling in in- 
formation for specifying the user (user name, address, 
contact telephone number, gender, settlement account, 
login name, password, etc.). Until the above-described 
5 registration has been conducted, the user is unable to 
use the SAM 1 05^ . 

[0539] The EMD service center 102 issues an identi- 
fier USERJD unique to the user according to the user's 
registration, and nnanages the relationship between the 
10 SAMJD and the USERJD, which Is used for settling 
the account. 

[0540] The EMD service center 102 also assigns an 
information reference identifier ID and a password, 
which Is for initial use of the user of the SAM 1 05^ , and 

15 reports them to the user. The user makes a query to the 
EMD service center 1 02 about, for example, the current 
usage situation of the content data (usage log) by using 
the information reference identifier ID and the password. 
[0541] The EMD service center 102 makes a query 

20 to, for example, a credit card company to check the iden- 
tity of the user, or to the user offline about the identity of 
himself/herself in the user registration. 
[0542] A description is now given of the process for 
storing the SAM registration list in the storage unit 192 

25 within the SAM 105-,, as shown in Fig. 34. 

[0543] The SAM 105^ shown in Fig. 1 obtains the 
SAM registration list of the SAMs lOSg through 1064, 
which are in the same system as the SAM 1 05^, by uti- 
lizing a topology map created when a machine connect- 

30 ed to the bus 1 91 , for example, an IEEE-1 394 serial bus, 
is powered on, or when a new machine is connected to 
the bus 191. 

[0544] The topology map is created according to the 
bus 191 , not only for the SAMs 1 05., through 1 064, but 

35 also for SCMS processing circuits 1065 and 1 0Sg of A/ 
V machines 1 6O5 and 1 6O5 which are also connected to 
the bus 191, as illustrated in Fig. 58. Accordingly, the 
SAM 105^ creates theSAM registration list shown in Fig. 
59 by extracting the information about the SAMs 105^ 

40 through 1 064 from the topology map. 

[0545] The SAM 1 05., then registers the SAM regis- 
tration list shown in Fig. 59 in the EMD service center 
102 so as to obtain the signature. 
[0546] The aforementioned processing is automati- 

45 cally executed by the SAM 1 05^ by utilizing the session 
ofthebus 191 , and the SAM 105^ issues the registration 
command of the SAM registration list to the EMD service 
center 102. 

[0547] Upon receiving the SAM registration list shown 
50 in Fig. 59 from the SAM 105^, the EMD service center 
102 checks the effective period, and also checks for the 
settlement function designated by the SAM 105^ during 
registration. The EMD service center 102 refers to the 
prestored revocation list (certificate revocation list 
55 (CRL)) shown in Fig. 60 and sets the revocation flag 
within the SAM registration list. The revocation list is a 
list of the SAMs which are prohibited from being used 
(have become invalid) due to illegal use. In performing 
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communication between the SAI\/ls, each SAM checks 
the revocation list for whether the corresponding SAM 
has become invalid, in which case, the communication 
therebetween is discontinued. 

[0548] In settling the account, the EMD service center 
102 checks the SAM registration list of the SAM 105i 
for whetherthe SAMs described in the list are contained 
in the revocation list. The EMD service center 1 02 also 
attaches the signature to the SAM registration list. 
[0549] As a result, the SAM registration list shown In 
Fig. 61 Is created. 

[0550] The SAM revocation list is fomned for SAMs In 
the same system (i.e. , SAMs connected to the bus 191), 
and Indicates whether each SAM is invalid according to 
a revocation flag for the corresponding SAM. 
[0551] The revocation list CRL Is preferably updated 
automatically within the SAM according to, for example, 
updating data sent from the EMD service center 1 02 to 
the SAM. The security functions of the SAM are as fol- 
lows. 

[0552] As the security functions, the SAM possesses 
IP components of the encryption library, such as DES 
of the common key cry ptosy stem (Triple DES/advanced 
encryption standard (AES)), the elliptic curve cryptosys- 
tem of the public key cryptosystem (signature creation/ 
checking EC-DSA, common key creation EC-D. H., and 
public key cryptosystem EC-Elgamal), compression 
function (hash function) SHA-1 , and a random-number 
generator (intrinsic random number). 
[0553] The public key cryptosystem (elliptic curve 
cryptosystem) is employed for mutual authentication, 
signature creation, signature checking, and common 
key (session key) creation (delivering). The common 
key cryptosystem (DES) is employed for encrypting and 
decoding the content, and compression functions (hash 
functions) are employed for message authentication in 
signature creation and checking. 
[0554] Fig. 62 illustrates the security functions of the 
SAM. There are two types of security functions man- 
aged by the SAM: (1) a security function In the applica- 
tion layer for encrypting and decoding the content, and 
(2) a security function in the physical layer for securing 
a communication path by performing mutual authentica- 
tion with another SAM. 

[0555] In the EMD system 100, the content data C to 
be distributed is wholly encrypted, and a key is pur- 
chased upon settling the account. Since the UCP data 
106 is sent together with the content data C according 
tothein-band system, it is managed in a layer independ- 
ent of the type of network medium. It is thus possible to 
provide a common rights processing system independ- 
ent of the type of communication path, such as a satel- 
lite, terrestrial waves, cable, radio, or a recording medi- 
um. For example, when the UCP data 106 is inserted 
into the header of the protocol of the physical layer of a 
network, even for the same type of UCP data 106, it is 
necessary for each network to detemriine where the 
header the UCP data 106 Is inserted. 



[0556] In this embodiment, the content data C and the 
key file KF kre encrypted for protection by the applica- 
tion layer. Mutual authentication may be performed In 
the physical layer, the transport layer, or the application 

5 layer. Integrating the encryption function into the phys- 
ical layer means integrating the encryption function into 
hardware. Mutual authentication is desirably performed 
in the physical layer since the main object of perfomning 
mutual authentication is to ensure a communication 

10 path between the sender and the receiver. In actuality, 
however, mutual authentication is often implemented in 
the transpo'rt layer while being independent of the trans- 
mission channel. 

[0557] The security functions of the SAM include mu- 

15 tual authentication tor verifying the Integrity of another 
SAM to cornmunicate with, and encryption and decryp- 
tion (decoding) of content data which Involves account- 
ing processing in the application layer. 
[0558] Generally, mutual authentication between 

20 SAMs for performing communication between ma- 
chines is implemented in the application layer. However, 
it may be implemented In another layer, such as the 
transport layer or the physical layer. 
[0559] Mutual authentication to be implemented in the 

25 physical layer utilizes 5C1394CP (content protection). 
According to 1394CP, M6, which is the common key 
cryptosystem, is implemented In the isochronous chan- 
nel of a 1394L1NKIC (hardware). Mutual authentication 
(elliptic curve cryptosystem or common key cryptosys- 

30 tem using hash functions) is then perfomned with an 
asynchronous channel, and the resulting session key is 
transferred to M6 of the isochronous channel. As a re- 
sult, the common key cryptosystem Is implemented by 
M6. 

35 [0560] If iinutual authentication between SAMs is Im- 

plemented'in hardware of the physical layer, the session 
key obtained by performing mutual authentication using 
the public key cryptosystem (elliptic curve cryptosys- 
tem) is transferred to M6 of 1394L1NKIC via the host 
40 CPU, thereby encrypting the content data C by using 
the above-described session key together with the ses- 
sion key obtained by 1394CP. 

[0561] If mutual authentication between SAMs is per- 
fomned in the application layer, the content data C is en- 

45 crypted by utilizing the common key cryptosystem li- 
brary (DES/Tripie DES/AES) within the SAM. 
[0562] In this embodiment, for example, mutual au- 
thentication between the SAMs is implemented in the 
application layer, and mutual authentication by 1 394CP 

50 is implemented in the physical layer (hardware), such 
as 1394L1NKIC. 

[0563] In this case, encryption and decryption (decod- 
ing) of the" content data C which involves accounting 
processing is perfonned in the application layer. How- 
55 ever, the application layer is easy to access by the user 
and may be analyzed unlimitedly. Accordingly, in this 
embodiment, accounting-related processing is execut- 
ed within high tamper-resistant hardware in which the 



36 



<EP 1 130482A2J_> 



71 

processing content is fully protected from being moni- 
tored from an external source. This is the major reason 
for implementing the SAM as high tamper-resistant 
hardware. 

[0564] If accounting processing is executed within the 
host CPU, tamper-resistant software is implemented in 
the CPU. 

[0565] A description is now given, with reference to 
Fig. 63, of an example of implementation of various 
SAMs within, for example, the network device 160^ of 
the user home network 103 shown in Fig. 1 . 
[0566] The network device 160^ includes, as shown 
in Fig. 63, the host CPU 81 0^ , the SAM 1 051 , the down- 
load memory 167, the medium drive SAM, 260, a drive 
CPU 1003, and a shock proof (anti-vibration) memory, 
such as a dynamic RAM (DRAM) 1004. . 
[0567] Part of the download memory 1 67 and part of 
the shock proof memory 1004 are used as a common 
memory, which can be accessed from both the SAM 
1 05i and the host CPU 81 0-, . 

[0568] The shock proof memory 1 004 stores the con- 
tent data C received via a data bus 1 002, and then out- 
puts it to the AA/ compression/decompression SAM 
163. This makes it possible to sequentially output the 
content data C to the AA/ compression/decompression 
SAM 163 even if the reading operation of the content 
data C from the recording medium 1 30 Is Interrupted due 
to, for example, vibrations. It is thus possible to effec- 
tively prevent the interruption of the playback operation 
of the content data C. : 
[0569] The download memory 1 67 is connected to the 
host CPU bus 1000 via a module 1005 which consists 
of a memory controller and a bus arbiter/bridge. 
[0570] Fig. 64 illustrates the detailed configuration of 
the module 1 005 and the peripheral circuits. The module 
1005 includes, as shown in Fig. 64, a controller 1500 
and a bus arbiter/bridge 1501 . 

[0571] The controller 1500 serves as a DRAM inter- 
face (I/F) when a DRAM is used as the download mem- 
ory 167, and has a read/write (r/w) line, an address bus, 
a CAS line, and a RAS line to communicate with the 
download memory 167. 

[0572] The bus arbiter/bridge 1501 conducts arbitra- 
tion of the host CPU bus 1 000, and has a data bus to 
communicate with the download memory 1 67, and also 
has a r/w line, an address bus, a ready line, and has a 
chip select (CS) line, a r/w line, an address bus, a data 
bus, and a ready line to communicate with the SAM 
105^. The bus arbiter/bridge 1501 is connected to the 
host CPU bus 1000. 

[0573] The bus arbiter/bridge 1501. the host CPU 
81 0^, and the SAM 105., are connected to the host CPU 
bus 1 000. The host CPU bus 1 000 has a CS line, a rAw 
line, an address bus, a data bus, and a ready line. 
[0574] The download memory 167 and the shock 
proof memory 1 004 store the above-described content 
file CF and the key file KF. The storage area of the shock 
proof memory 1 004 other than the storage area used as 

{ 
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the common memory is employed for temporarily stor- 
ing the content data C received from the medium drive 
SAM 260 via the data bus 1 002 until the content data C 
is output to the A/V compression/decompression SAM 
5 163. 

[0575] The A/V compression/decompression SAM 
1 63 transfers data to the download memory 1 67 via the 
host CPU bus 1000, and also transfers data to the me- 
dium drive SAM 260 via the data bus 1 002. 
10 [0576] Not only the download memory 167, but also 
the SAM 105.j, the /W compression/decompression 
SAM 163, and a DMA 1010, are connected to the host 
CU bus 1000. 

[0577] The DMA 1010 centrally controls access to the 
15 download memory 167 via the host CPU bus 1000 ac- 
cording to a command from the host CPU 810^. 
[0578] The host CPU bus 1000 is also employed for 
communication with the other SAMs, i.e., the SAMs 
1052 through 1064, within the user home network 103 
20 by using a 1394-serial interface link layer. 

[0579] The drive CPU 1003, the medium drive SAM 
260, an RF amplifier 1006, a medium SAM interface 
1007, and a DMA 1011 are connected to a drive CPU 
bus 1001. 

25 [0580] The drive CPU 1 003 centrally controls access 
to the disk-type recording medium 130 according to a 
command from the host C PU 81 0., . In this case, the host 
CPU 810., serves as a master, while the drive CPU 1003 
serves as a slave. The drive CPU 1003 is handled as 

30 an I/O as viewed from the host CPU 810.,. 

[0581] The drive CPU 1003 encodes and decodes da- 
ta In accessing to the recording medium (RAM) 130. 
[0582] When the recording medium (RAM) 130 Is set 
in a drive, the drive CPU 1003 determines whether the 

35 recording medium 130 is suitable for the SAM 105^ 
(EMD system 100) (i.e., whether rights processing can 
be safely performed on the recording medium 130 by 
the SAM 105i). If so, the drive CPU 1003 reports the 
corresponding information to the host CPU 810^ and al- 

40 so instructs the medium drive SAM 260 to perfonn mu- 
tual authentication with the medium SAM 133. 
[0583] The medium SAM Interface 1 007 serves as an 
interface for access to the medium SAM 133 of the re- 
cording medium 1 30 via the drive CPU bus 1 001 . 

45 [0584] The DMA 1011 centrally controls access to the 
shock proof memory 1 004 via the drive CPU bus 1 001 
and the data bus 1002 according to a command from 
the drive CPU 1 003. The DMA 1 01 1 controls, for exam- 
ple, data transfer between the medium drive SAM 260 

so and the shock proof memory 1004 via the data bus 
1002. 

[0585] According to the configuration shown in Fig. 
63, for example, in performing communication, such as 
mutual authentication between the SAM 1051 and the 
55 medium SAM 133 of the recording medium 130, data 
transfer is conducted therebetween via the host CPU 
bus 1 000, the host CPU 81 0^, a register within the drive 
CPU 1003, the drive CPU bus 1001, and the medium 
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SAM interface 1007 based on the control of the host 

CPU 810i. 

[0586] In accessing the recording medium 130, mu- 
tual authentication is conducted between the medium 
drive SAM 260 and the medium SAI\/I 133. 
[0587] In compressing or decompressing data in the 
AN compression/decompression SAM 163 in order to 
access the download memory 16/ or the shock proof 
memory 1004, as discussed above, mutual authentica- 
tion is performed between the SAM 105^ and the A/V 
compression/decompression SAM 163. 
[0588] In this embodiment, in Fig. 63, the SAM lOS^ 
and the A/V compression/decompression SAM 1 63 are 
handled as devices connected to the I/O interface, as 
viewed from the host CPU 81 0^. Communication and 
data transfer of the SAM 1051 and the AA/ compression/ 
decompression SAM 1 63 with the host CPU 81 0-, is per- 
formed under the control of a memory I/O and address 
decoder 1020. In this case, the host CPU 810^ serves 
as a master, while the SAM 1 05^ and the A/V compres- 
sion/decompression SAM 163 serve as slaves. The 
SAM 1051 and the A/V compression/decompression 
SAM 163 execute processing instructed by the host 
CPU 81 Oi, and reports the results to the host CPU 81 0^ 
if necessary. 

[0589] The medium SAM 133 and the medium drive 
SAM 260 are handled as devices connected to the I/O 
interface, as viewed from the drive CPU 1 003. Commu- 
nication and data transfer of the medium SAM 133 and 
the medium drive SAM 260 with the drive CPU 1003 is 
perfonned under the control of a memory I/O and ad- 
dress decoder 1021. In this case, the drive CPU 1003 
serves as a master, while the medium SAM 1 33 and the 
medium drive SAM 260 serve as slaves. The medium 
SAM 133 and the medium drive SAM 260 execute 
processing Instructed by the drive CPU 1003 and re- 
ports the results to the drive CPU 1003 if necessary. 
[0590] Access control to the content file CF and the 
key file KF stored In the download memory 1 67 and the 
shock proof memory 1004 may be centrally perfonned 
by the SAM 105^. Alternatively, access control to the 
content file CF may be perfonned by the host CPU 81 0^, 
and access control to the key file KF may be perfonned 
by the SAM lOS^. 

[0591] The content data C read from the recording 

medium 130 by the drive CPU 1003 is stored in the 
shock proof memory 1 004 via the RF amplifier 1 006 and 
the medium drive SAM 260, and is then decompressed 
in the A/V compression/decompression SAM 163. The 
decompressed content data is converted into analog da- 
ta in a digital-to-analog (D/A) converter, and sound 
based on the converted analog signal is output from a 
speaker 

[0592] I n this case, the shock proof memory 1 004 may 
temporarily store the content data C consisting of a plu- 
rality of tracks, which are non-continuously read from 
storage areas discretely located in the recording medi- 
um 130. and then continuously output the content data 



C to the A/V compression/decompression SAM 163. 
[0593] The master-slave relationships of the various 
SAMs within the user home network 103 shown in Fig. 
63 are described below. 
5 [0594] For example, when the content data C, for 
which the purchase mode is determined, is recorded on 
the recordirig medium 130, as shown In Fig. 65, the host 
CPU 81 Oi outputs an Internal interrupt to instruct the 
SAM 105i, which serves as an I/O device, to detennine 
10 the purchase mode of the content data C, and also to 
perfonn mutual authentication with the medium SAM 
133 of the; recording medium 130, thereby recording 
content data C on the recording medium 130, 
[0595] In this case, the host CPU 810i serves as a 
15 master, while the SAM 1 05^ and the recording medium 
130 sen/e as slaves. The recording medium 1 30 is han- 
dled as an I/O device as viewed from the host CPU 81 0^ . 
[0596] In response to the internal Interrupt from the 
host CPU 81 0i, the SAM 105i communicates with the 
20 medium SAM 133 to determine the purchase mode of 
the content data C and also writes predetemiined key 
data, such as the content key data Kc, into the medium 
SAM 133. Upon completion of this processing, the SAM 
105., reports the processing result to the host CPU 81 0^ 
25 through an external interrupt or by polling of the host 
CPU 810^. 

[0597] In playing back the content data C, for which 
the purchase mode Is determined, recorded on a record- 
ing medium, an instruction to play back the content data 
30 C is given, as illustrated in Fig. 66, from the host CPU 
81 Oi to the SAM 105i through an internal interrupt. 
[0598] In response to the internal Interrupt, the SAM 
105i reads a key data block, such as the key file KF, 
from the medium SAM 133 of the recording medium 
35 130, and executes processing for playing back the con- 
tent data e based on the UCS data 166 stored in the 
key data block. 

[0599] The SAM 105^ outputs an internal interrupt to 
instruct the AN compression/decompression SAM 163 
40 to decompress the content data C read from the record- 
ing medium 130. 

[0600] Upon receiving the internal interrupt from the 
SAM 105i; the /VV compression/decompression SAM 
163 descrambles the content data C read from the re- 
45 cording medium 130, embeds and detects the digital 
watermark infonnation. and decompresses the content 
data. Then, the A/V compression/decompression SAM 
163 outputs the processed content data C to the D/A 
converter so as to play back the content data C. 
50 [0601] /\fter completion of the playback operation, the 
A/V compression/decompression SAM 1 63 reports the 
corresponding information to the SAM 105.,. 
[0602] Upon receiving the above-described informa- 
tion, the SAM 105i reports it to the host CPU 81 0^ via 
55 an external Interrupt. 

[0603] In this case, in the relationship between the 
host CPU 810^ and the SAM 105i, the host CPU 81 0^ 
serves as a master, while the SAM 105^ serves as a 
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slave. In the relationship between the SAM 1 05^ and the 
A/V connpression/decompression SAM 163, the SAM 
105i serves as a master, while the AA/ compression/ 
decompression SAM 163 serves as a slave. 
[0604] Although in this embodiment the AA/ compres- 
sion/decompression SAM 163 is the slave for the SAM 
105i. it may be a slave for the host CPU 810^ 
[0605] If the content data recorded on the recording 
medium 130 is played back without perfomiing rights 
processing of the content data, as shown in Fig. 67, the 
host CPU 81 0^ outputs an internal interrupt to instruct 
the A/V compression/decompression SAM 1 63 to exe- 
cute playback processing. The host CPU 81 0^ also out- 
puts an internal interrupt to instruct the medium drive 
SAM 260 to read the content data from the recording 
medium 130. 

[0606] Upon receiving the internal Interrupt, the me- 
dium drive SAM 260 decodes the content data read from 
the recording medium 130 in the decoder, and then 
stores It in the shock proof memory 1004. Upon com- 
pletion of this processing, the medium drive SAM 260 
reports the corresponding information to the host CPU 
810 through an external interrupt. 

[0607] The content data stored in the shock proof 
memory 1004 is read into the /W compression/decom- 
pression SAM 163: and undergoes processing, such as 
descrarnbling, embedding and detecting digital water- 
mark infomriation, and decompressing,, and is then 
played back via the D/A converter. 
[0608] Upon completion of this processing, the AN. 
compression/decompression SAM 163 reports this in- 
formation to the host CPU 81 0^ through an external in- 
terrupt. 

[0609] In this case, the host CPU 81 0^ serves as a 
master, while the A/V compression/decompression 
SAM 163 and the medium drive SAM 163 serve as 
slaves. 

[0610] Circuit modules for implementing the above- 
described functions of the SAMs within the user home 
network 1 03 are discussed below. 
[0611] As discussed above, the SAMs within the user 
home network 1 03 include the SAMs 1 05 (1 05^ through 
1064) for performing rights processing (profit distribu- 
tion), such as determining the purchase rhode, the me- 
dium SAM 133 disposed in a recording medium, the A/ 
V compression/decompression SAM 1 63, and the me- 
dium drive SAM 260. Circuit modules provided for the 
above-described SAMs are as follows. ] 

Example of rights processing SAM 

[0612] Fig. 68 illustrates a circuit module for a rights 
processing SAM 105a. 

[0613] The SAM 105a is tamper- resistant hardware 
(equivalent to a circuit module of the present invention) 
including, as shown in Fig. 68, a CPU 1 1 00, a DAM 1101, 
a MMU 1102, an I/O module 1103, a mask ROM 1104, 
a non-volatile memory 1105, a work RAM '1106, a public 
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key encryption module 11 07, a common key encryption 
module 1 1 08, a hash function module 1 1 09 , an (intrinsic) 
random-number generator 1 1 1 0, a real time clock mod- 
ule 1 1 1 1 , and an external bus l/F 1 1 1 2. 

5 [0614] The relationship between the elements of the 
rights processing SAM 1 05a and those of the present 
invention is as follows. The CPU 1100 corresponds to 
an arithmetic processing circuit. The mask ROM 1104, 
the non-volatile memory 1105, and the work RAM 1106 

10 correspond to a storage circuit. The common key en- 
cryption module 1108 corresponds to an encryption 
processing circuit. The external bus l/F 1112 corre- 
sponds to an external bus interface. 
[0615] As will be discussed below with reference to 

^5 Fig, 69, internal buses 1120 and 1121 correspond to a 
first bus of the present invention, and an external bus 
1 1 23 corresponds to a second bus of the present Inven- 
tion. 

[0616] The internal bus 1120 also corresponds to a 
20 third bus, and the internal bus 1 1 21 also corresponds to 
a fourth bus. 

[0617] The external bus l/F 1 1 1 2 corresponds to a first 
interface circuit, and a bus l/F circuit 1116 corresponds 
to a second interface circuit, 
25 [0618] An internal bus 1 122 corresponds to a fifth bus, 
an I/O module'corresponds to a third interface circuit, 
and a bus l/F circuit 1117 corresponds to a fourth inter- 
face circuit. 

[0619] A brief description of the relationship between 

30 the function module of the SAM 105^ shown in Fig. 30 
and the circuit module shown in Fig. 68 is given below. 
[0620] The CPU 1100 executes, for example, pro- 
grams stored in the mask ROM 1 1 04 and the non-vola- 
tile memory 1105, so as to implement the functions of 

35 the CPU 1100, the accounting processor 187, and the 
usage monitor 186 shown in Fig. 30. 
[0621] The DMA 11 01 centrally controls access to the 
download memory 167 shown in Fig. 22 and the storage 
unit 192 shown in Fig. 30 in response to a command 

40 from the CPU 1100. 

[0622] The MMU 1 1 02 manages the address spaces 
of the download memory 1 67 shown in Fig. 22 and the 
storage unit 192 shown in Fig. 30. 
[0623] The I/O module 1103 implements part of the 

45 functions of the medium SAM manager 197 shown In 
Fig. 30. 

[0624] The mask ROM 1104 stores fixed programs 
and data, such as an initializing program and an integrity 
check program for the SAM 1 05a, when manufacturing 

50 the SAM 105^, and implements part of the functions of 
the storage unit 192 shown in Fig. 30. 
[0625] The non-volatile memory 1105 stores variable 
programs and data, such as encryption programs and 
key data, and implements part of the functions of the 

55 storage unit 192 shown In Fig. 30. 

[0626] The work RAM 1106 corresponds to the.work 

memory 200 illustrated in Fig. 30. 

[0627] The public key encryption module 1 1 07 imple- 
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ments part of the functions of the signature processor 
1 89 illustrated in Fig. 30, and is used for performing mu- 
tual authentication with the mediunn SAM 1 33 according 
to the public key cryptosystem, creating signature data 
of the SAM 105, checking signature data (of the EMD 
service center 1 02, the content provider 101, and, in the 
second embodiment, the service provider 31 0) , encryp- 
tion and decryption of a small amount of data (such as 
the key file KF) to be transferred, and sharing a key. The 
public key encryption module 1 1 07 may be implemented 
as a circuit module (hardware (H/W) IP solution), or may 
be implemented by executing a public key encryption 
program stored in the non-volatile memory 1105 by the 
CPU 1100 (software (S/W) IP solution). 
[0628] The common key encryption module 1 1 08 im- 
plements part of thefunctions of the signature processor 
189 and the encryption/decryption (decoding) units 171, 
172, and 1 73, and is used for perfomiing mutual authen- 
tication and encrypting and decrypting data by using the 
session key data KgEs obtained by mutual authentica- 
tion. The common key cryptosystem realizes much fast- 
er processing than the public key cryptosystem, and is 
thus used for, for example, encrypting and decrypting a 
large amount of content data (content file CF). The com- 
mon key encryption module 1108 may be implemented 
as a circuit module (H/W IP solution), or may be imple- 
mented by executing the common key encryption pro- 
gram stored In the non-volatile memory 1105 by the 
CPU 1100 (S/W IP solution). 

[0629] Mutual authentication is achieved by encryp- 
tion and decryption of one or both of the public key en- 
cryption module 1107 and the common key encryption 
module 1108. 

[0630] The common key encryption module 1 1 08 de- 
codes the content key data Kc with the license key data 
KD. 

[0531] The hash function module 1109 Implements 
part of the functions of the signature processor 189 
shown in Fig. 30, and is used for generating hash values 
of data for which signature data is to be created. More 
specifically, the hash function module 1109 is used for 
checking the signature data of the content provider 1 01 
and the EMD service center 1 02, and also checking the 
hash value Hki of the key file KF^ of the secure contain- 
er 104x illustrated in Figs. 44A through 44D. The hash 
function module 1109 may be implemented as a circuit 
module (H/W IP solution), or may be implemented by 
executing a hash circuit module program stored in the 
non-volatile memory 1105 by the CPU 1100 (SAW IP so- 
lution). 

[0632] The random-number generator 1110 imple- 
ments part of the functions of the mutual authentication 
unit 170 illustrated in Fig. 30. 

[0633] The realtime clock module 11 11 generates real 
time, which is used for selecting the license key data KD 
with an effective period, or determining whether the re- 
quirements of an effective period Indicated by the UCS 
data 166 are satisfied. 



[0634] The external bus l/F 1112 implements part of 
the functions of the content provider manager 1 80, the 
download memory manager 182, and the EMD service 
center manager 185 shown in Fig. 30. 
5 [0635] Fig. 69 illustrates the hardware configuration 
within the SAM 105a. In Fig. 69, the same elements as 
those shovyn in Fig. 68 are designated with like refer- 
ence numerals. 

[0636] As shown in Fig. 69, within the SAM 1 05a, the 
10 CPU 1100, the mask ROM 1104, and the non-volatile 
memory 1105 are connected to each other via the SAM/ 
CPU bus 1120. 

[0637] The DMA 1 1 01 is connected to the internal bus 
1121. An l^C interface 1130, a medium SAM interface 
15 1131, a Memory Stick (MS) Interface 1132. and an IG 
card interface 1133 are connected to the internal bus 
1122. 

[0638] The medium SAM interface 11 31 transfers and 
receives data to and from the medium SAM 133 of the 
20 recording medium 130. The MS interface 1132 transfers 
and receives data to and from a memory stick 1 140. The 
IC card interface 1 1 33 transfer and receives data to and 
from an IC card 1141. 

[0639] The public key encryption module 1107, the 
25 common key encryption module 11 08, the hash function 
module 1109, the random-number generator 1110, the 
real time clock module 1111, the external bus l/F 1112, 
and an external memory l/F 1142 are connected to the 
external bus 1123. 
30 [0640] The host CPU bus 1000 shown in Fig. 63 is 
connectedto the external bus l/F 1112, and the external 
memory 201 shown in Fig. 63 is connected to the exter- 
nal memory l/F 1142. 

[0641] the SAM/CPU bus 1120 and the interna! bus 
35 1121 are connected via the bus interface 1116. The in- 
ternal buses 1122 and 1121 are connected via the bus 
interface 1117. The internal bus 1121 and the external 
bus 1123 are connected via a bus interface 1115. 
[0642] The above-described SRAM 1155 and the 
40 SAM status register 1 1 56 are stored in the bus interface 
1115. 

[0643] As stated above, the SAM status register 1 1 56 
has the first SAM status register 1156a and the second 
SAM status register 1156b. A flag indicating the status 
45 of the SAM 1051 read by the host CPU 81 0^ is set in 
the first SAM status register 1156a. A flag indicating 
whether a request to execute a task has been output 
from the host CPU 81 0^ is set In the second SAM status 
register 1156b, and this flag is read from the CPU 1100 
50 of theSAM 105^. 

[0644] The DMA 1101 centrally controls the mask 
ROM 1 1 04, the non-volatile memory 1 1 05, and the work 
RAM 1106 via the internal bus 1121 in response to a 
command from the CPU 1100. 
55 [0645] A MMU 1113 manages memory spaces of the 
mask ROM 1104, the non-volatile memory 1105, the 
work RAM 1106, and the download memory 167 shown 
in Fig. 63. 
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[0646] An address decoder 1114 performs address 
conversion when data is transferred between the inter- 
nal bus 1121 and the external bus 1123. 
[0647] A writing lock control circuit 1 1 35 controls writ- 
ing and erasing of each block of data into and from a 
flash ROM based on the lock key data of the C PU 1 1 00. 
[0648] The address space of the rights processing 
SAM 105a is described below. 

[0649] Fig. 70 illustrates the address space of the 
rights processing SAM 105a. The address space con- 
tains, starting from the start address, a boot program, 
the system configuration, a flash ROM, predetennlned 
programs, a device driver for the flash ROM, a device 
driver for a non-volatile memory, the work RAM 1106 
shown In Fig. 69, predetermined programs, the SRAM 

1155 shown in Fig. 69, the external memory 201, 
Key_TOC/Fi!e_System, a SAM registration list, the us- 
age log data 108, a register for the common key encryp- 
lion module 1108 shown in Fig. 69, a register for the pub- 
lic key encryption module 1107 shown in Fig. 69, a reg- 
ister for the hash function module 1109 shown in Fig. 
69, a register for the random-number generator 1110 
shown in Fig. 69, a registerforthe real time clock module 
1111 shown in Fig. 69, a current time register, an effec- 
tive period register, a control register, an IC card Inter- 
face, a medium SAM interface, a Memory Stick inter- 
face, and an I^C bus interface. 

[0650] In the field of the address space assigned to 
the system configuration, the DMA 1101 and the SAM 
status register 1156 shown in Fig. 69 are stored. 
[0651] In the field of the address space assigned to 
the flash ROM, a main routine (kernel), interrupt pro- 
grams, sub-routines called by the interrupt programs, a 
command analyzer (table indicating the relationship be- 
tween the commands and start addresses of the inter- 
rupt programs), and an interrupt vector table are stored. 
[0652] In the address space of the SAM 1 05a illustrat- 
ed in Fig. 70, the SAM status register 1156 and the 
SRAM 1155 are used as common memory spaces with 
the host CPU 81 0. 

[0653] The address space of the host CPU 81 0^ 
shown in Fig. 63 is described below with reference to 
Fig. 71. 

[0654] The address space of the host CPU 81 0^ con- 
tains, as shown in Fig. 71, starting from the start ad- 
dress, a boot program, the system configuration, a code 
ROM, a data ROM, a work RAM, a common memory 
shared with the SAM 105., shown in Fig. 63, a common 
memory shared with the AA/ compression/decompres- 
sion SAM 163 shown in Fig. 63, a common memory 
shared with the medium drive SAM 260 shown in Fig. 
63, and external devices. 

[0655] The SRAM 1155 and the SAM status register 

1156 shown in Fig. 69 are assigned to the common 
memory shared with the SAM 105^ shown in Fig. 63. 



Another example of rights processing SAM 

[0656] Fig. 72 illustrates a circuit module of a rights 
processing SAM 105b. In Fig. 72, the same elements 
5 as those shown in Fig. 69 are designated with like ref- 
erence numerals. 

[0657] The SAM 1 05b is fonrjed of, as shown In Fig. 
72, a secure memory 105ba, a host CPU 810, tamper- 
resistant software 1130, and an I/O module 1103. 

10 [0658] In the SAM 105b, the tamper-resistant soft- 
ware 1130 is executed by the host CPU 810 so as to 
implement the sanie function as the CPU 1100 shown 
in Fig. 68. As stated above, the tamper-resistant soft- 
ware 1130 is software in which the processing Is totally 

15 Shielded from an external source, and Is difficult to be 
analyzed or ovenwritten. 

[0659] The secure memory 1 05ba is tamper-resistant 
hardware including a mask ROM 1104, a non-volatile 
memory 1105, a work RAM 1106, a public key encryp- 

20 tion module 1107, a common key encryption module 
1108, a hash function module 1109, an (intrinsic) ran- 
dom-number generator 1110, a real time clock module 
1111, and an external bus l/F 1112. 
[0660] The public key encryption module 1107, the 

25 common key encryption module 1108, and the hash 
function module 1109 may be implemented as a circuit 
module (H/W IP solution), or may be implemented by 
executing a public key encryption program, a common 
key encryption program, and a hash function program, 

30 respectively, stored in the non-volatile memory 1 1 05 by 
the host CPU 810 (S/W IP solution). 
[0661] An example of the configuration of the above- 
described medium SAM 133 is as follows. Fig. 73 illus- 
trates a circuit module of the medium SAM 133. 

35 [0662] The medium SAM 133 is tamper-resistant 
hardware including, as shown in Fig. 73, a CPU 1200, 
a DMA 1201, an I/O module 1203, a mask ROM 1204, 
a non-volatile memory 1 205, a work RAM 1 206, a public 
key encryption module 1207, a common key encryption 

-^0 module 1208, a hash function module 1209, and an (in- 
trinsic) random-number generator 1210. 
[0663] The CPU 1200 controls the individual circuits 
within the tamper- resistant hardware, 
[0664] The work RAM 1206 corresponds to the work 

^5 memory 200 shown in Fig. 30. 

[0665] The public key encryption module 1 207 is used 
for performing operations according to the public key 
cryptosystem, for example, (1) performing mutual au- 
thentication with the SAM 1 05^ and the drive CPU 1 003 

50 shown in Fig. 63, (2) creating signature data of the me- 
dium SAM 133a and checking signature data (of the 
EMD service center 1 02, the content provider 101 , and 
in the second embodiment, the service provider 310), 
(3) encrypting and decrypting a small amount of data to 

55 be transferred, and (4) sharing the session key data 
^SES obtained by mutual authentication. The public key 
encryption module 1107 may be implemented as a cir- 
cuit module (H/W IP solution), or may be implemented 
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by executing the public key encryption program stored 
in the non-volatile memory 1205 by the CPU 1200 (S/ 
W IP solution). 

[0666] The common key encryption module 1208 is 
used for performing mutual authentication and for en- 
crypting and decrypting data, such as the key files KF 
and KFi by using the session key data Kses obtained 
by performing mutual authentication. The common key 
encryption module 1108 may be implemented as a cir- 
cuit module (H/W IP solution), or may be implemented 
by executing the common key encryption program 
stored in the non-volatile memory 1205 by the CPU 
1200 (SA/V IP solution). 

[0667] Mutual authentication can be realized by en- 
crypting and decrypting by one or both of the public key 
encryption module 1207 and the common key encryp- 
tion module 1208. 

[0668] The hash function module 1209 is used for 
generating hash functions of data. More specifically, the 
hash function module 1209 is used for verifying the hash 
value Hki of the key file KF^ of the secure container 
104X shown in Figs. 44A through 44D. The hash func- 
tion module 1 1 09 may be implemented as a circuit mod- 
ule (H/W IP solution), or may be implemented by exe- 
cuting the hash circuit module stored in the non-volatile 
memory 1205 by the CPU 1200 (S/W IP solution). 
[0669] The random-number generator 1210 is used 
for performing, for example, mutual authentication. 
[0670] The I/O module 1203 is used for performing 
communication with the medium SAM l/F 1007 shown 
in Fig. 63. 

[0671] The mask ROM 1204 stores fixed programs 
and data, such as an initializing program and an integrity 
check program for the medium SAM 133. when being 

shipped. * . . , 

[0672] The non-volatile memory 1 205 stores variable 
programs and data, such as encryption programs and 
key data. 

[0673] Fig. 74 illustrates data stored in the mask ROM 
1204 and the non-volatile memory 1205 when shipping 
the medium SAM 133 to be installed in a recording me- 
dium (ROM). 

[0674] When shipping the recording medium (ROM), 
the medium SAM 133 stores, as shown in Fig. 74, an 
identifier (ID) of the medium SAM, storage key data 
KsTR (medium key data K^ed^ Public key data K^scp 
of the EMD sen/ice center 102, public key data Kr.qa.p 
of the root certifying authority 92. public-key certificate 
data CERmsam of the medium SAM 1 33, public key data 
Kmsamp of the medium SAM 133, private key data 
KsAM s of the medium SAM 1 33, a revocation list, rights 
processing data, an entity ID which receives profits, the 
type of medium (medium type information and infomna- 
tion specifying either a ROM or a RAM), physical ad- 
dress information (register space address) of the key 
files KF, the key file KF of each content data C (content 
file CF). and predetermined check values (MAC values). 
[0675] The- physical address information (register 



space address) of the key files KF, the key file KF of 
each content data 0 (content file CF), and the predeter- 
mined check values (MAC values) are encrypted with 
the license ikey data KD managed by the EMD service 
5 center 102.: 

[0676] Fig. 75 illustrates data stored in the mask ROM 
1204 and the non-volatile memory 1205 when user reg- 
istration is conducted and the purchase mode is deter- 
mined after the medium SAM 133 to be installed in a 
10 recording medium (ROM) has been shipped. 

[0677] As shown in Fig. 75, a user ID, a password, 
favorite information, settlement information (for exam- 
ple, a credit card number), electronic money informa- 
tion, a key file KF^, etc. are newly added to the medium 
15 SAM 133 by the user registration. 

[0678] Fig. 76 illustrates data stored in the mask ROM 
1204 and the non-volatile memory 1205 when the me- 
dium SAM 133 to be installed in a recording medium 
(RAM) is shipped. 
20 [0679] As illustrated in Fig. 76, when shipping the re- 
cording medium (RAM), the medium SAM 1 33 stores an 
identifier (ID) of the medium SAM 133, recording key 
data KsTR (medium key data Kmed). P^^)''^ ^^^^ 
Kesc p ^he EMD service center 102, public key data 
25 Kr r a p Of the root certifying authority 92, public-key cer- 
mclte data CER^sam of the medium SAM 1 33, public 
key data Kmsam p of the medium SAM 133, private key 
data Kf^sAM s ot the medium SAM 133, a revocation list, 
rights processing data, an entity ID which receives prof- 
30 its and the type of medium (medium type information 
and information specifying either a ROM or a RAM). 
However, physical address infonnation (register space 
address) of the key files KF, key files KF and KF^ of each 
content data C (content file CF), and predetemnined 
35 check values (MAC values) are not stored. 

[0680] Fig. 77 illustrates data stored in the mask ROM 
1204 and the non-volatile memory 1205 when user reg- 
istration is conducted and the purchase mode is deter- 
mined after the medium SAM 133 to be installed in a 
40 recording medium (RAM) has been shipped. 

[0681] As illustrated in Fig. 77, in addition to a user 
ID, a password, favorite information, settlement infor- 
mation (for example, a credit card number), and elec- 
tronic moriey information, physical address information 
45 (register space address) of the key files KF. the key files 
KF and KF^ of each content data C (content file CF), 
and predetermined values (MAC values) are newly writ- 
ten into the medium SAM 133 by the user registration. 
[0682] The physical address information (register 
50 space address) of the key file KF. the key files KF and 
KFi of each content data C (content file CF), and the 
predetermined values (MAC values) are encrypted with 
the storage key data Ksjr- 



55 A/V compression/decompression SAM 163 

[0683] The A/V compression/decompression SAM 
163 implements, for example, the functions shown in 
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Fig. 22. 

[0684] Fig. 78 illustrates a circuit module of the AN 
compression/decompression SAIVI 163. 
[0685] The A/V compression/decompression SAM 
163 is tamper-resistant hardware including, as shown 
in Fig. 78, a CPU/DSP 1300, a DMA 1 301 , a mask ROM 
1304, a non-volatile memory 1305, a work RAM 1306, 
a common key encryption module 1308, an (intrinsic) 
random-number generator 1310, a compression/de- 
compression module 1320, a digital watermark embed- 
ding/detecting module 1321, and a partial-information 
disclosing control module 1322. 
[0686] The CPU/DSP 1300 centrally controls the in- 
dividual circuit modules within the AA/ compression/de- 
compression SAM 163 by executing programs stored in 
the mask ROM 1 304 and the non-volatile memory 1 305 
In accordance with a command, for examjale, from the 
SAM 105^ shown in Fig. 63. 

[0687] The DMA 1 301 centrally controls access to the 
mask ROM 1304, the non-volatile memory 1305, and 
the work ROM 1306 in accordance with a command 
from the GPU/DSP 1300. 

[0688] When the A/V compression/decompression 
SAM 163, the mask ROM 1304 stores fixed programs, 
such, as an initializing program and an integrity check 
program for the AA/ compression/decompression SAM 
163, and fixed data, such as an identifier AVSAM_ID of 
the A/V compression/decompression SAM 163. 
[0689] The non-volatile memory 1 305 stores variable 
programs and data, such as an encryption program and 
key data. 

[0690] The work RAM 1 306 stores the key file KF re- 
ceived from the SAM 1 05-|. 

[0691] The common key encryption module 1308 is 
used for conducting mutual authentication and for en- 
crypting and decrypting the content data G and the con- 
tent key data Kc by using the session key data Kses 
obtained by mutual authentication. The common key en- 
cryption module 1308 may be implemented as a circuit 
module (H/W IP solution) or may be impleniented by ex- 
ecuting the common key encryption program stored in 
the non-volatile memory 1305 by the GPU/DSP 1300 
(S/W IP solution). The common key encry'ption module 
1 308 also decrypts the content data C by using the con- 
tent key data Kc obtained from the SAM 105i. 
[0692] The (intrinsic) random-number generator 1310 
is used for performing mutual authentication with, for ex- 
ample, the SAM 105^. 

[0693] The compression/decompression module 
1320 implements the functions of, for example, the de- 
compression unit 223 shown in Fig. 22. More specifical- 
ly, the compression/decompression module 1320 de- 
compresses the content data received from the down- 
load memory 167 and the shock proof memory 1004 
shown in Fig. 63, and compresses the content data re- 
ceived from the A/D converter. 

[0694] The digital watermark embedding/detecting 
module 1321 implements the functions of the digital-wa- 



termark infomriation processor 224 shown in Fig. 22. For 
example, the digital watermark embedding/detecting 
module 1321 embeds predetemnlned digital watermark 
information into the content data to be processed by the 

5 compression/decompression module 1320 and detects 
the digital watermark information embedded into the 
content data, that is, it determines whether the process- 
ing executed by the compression/decompression mod- 
ule 1320 Is suitable. 

10 [0695] The partial-information disclosing control mod- 
ule 1322 implements the partially disclosing processor 
225 shown in Fig. 22, and plays back the content data 
according to the playback mode. 

15 Medium drive SAM 260 

[0696] Fig. 79 illustrates a circuit module of the medi- 
um drive SAM 260. 

[0697] The medium drive SAM 260 is tamper-resist- 
^0 ant hardware including, as illustrated in Fig. 79. a CPU 
1400, a DMA 1401, a mask ROM 1404, a non-volatile 
memory 1405, a work RAM 1406, a common key en- 
cryption module 1408, a hash function module 1409, an 
(intrinsic) random-number generator 1410, an encode/ 
25 decoder module 1420, a storage- key-data generating 
module 1430, and a medium-unique-ID generating 
module 1440. 

[0698] The CPU 1400 executes programs stored in 
the mask ROM 1404 and the non-volatile memory 1 405 

30 in accordance With a command from the drive CPU 1003 
shown in Fig. 63, and centrally controls the individual 
circuit modules within the medium drive SAM 260. 
[0699] The DMA 1 401 centrally controls access to the 
mask ROM 1404, the non-volatile memory 1405, and 

35 the work RAM 1406 In accordance with a command from 
the CPU 1400. 

[0700] When the medium drive SAM 260 is shipped, 
the mask ROM 1404 stores fixed programs, such as an 
initializing program and an integrity check program for 
^0 the medium drive SAM 260, and fixed data, such as 
Identifier MDSAM_ID of the medium drive SAM 260. 
[0701 ] The non-volatile memory 1 405 stores variable 
programs and data, such as encryption programs and 
key data. 

45 [0702] The work RAM 1 406 serves as a work memory 
for executing various processing. 
[0703] The common key encryption module 1408 is 
used for performing mutual authentication between the 
medium SAM 133 and the /W compresslon/decom- 

so presslon SAM 163, and for encrypting and decrypting 
the content file CF and the key file KF by using the ses- 
sion key data Kses' which is a common key obtained by 
mutual authentication, and also for encrypting the con- 
tent key data Kc using the storage key data K^jf^ and 

55 the medium key data Km^o- common key encryp- 
tion module 1408 verifies signature data and creates 
signature data by using the common key data and the 
hash values of data, for which signature data is to be 
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created. 

[0704] The common key encryption module 1 408 may 
be implemented as a circuit module (H/W IP solution), 
or may be implemented by executing the common key 
encryption program stored in the non-volatile memory 
1405 by the CPU 1400 (S/W IP solution). 
[07051 Encryption of the content key data Kc by using 
the storage key data Kstr may be perfomned by either 
the common key encryption module 1408 ot the medium 
drive SAM 260 or the medium SAM module 133. 
[0706] The hash function module 1409 is used for ver- 
ifying signature data and for generating hash values of 
data, for which signature data is to be created. 
[0707] The (intrinsic) random-number generator 1410 
IS used lor performing mutual authentication with, for ex- 
ample, the medium SAM 133. 

[0708] When accessing the content data stored in the 
ROM area or the RAM area of the recording medium 
130. ihD encoder/decoder module 1420 executes 
processing such as encoding, decoding. ECC, modu- 
lating, demodulating, sectorizing, and desectorizing, on 
the content data. 

[0709] The storage-key-data generating module 1 430 
generates the storage key data Kstr unique to each me- 
dium by using the medium unique ID generated by the 
medium-unique-ID generating module 1440. 
[0710] The medium-unique-ID generating module 
1440 generates a medium unique ID unique to each re- 
cording medium from the drive ID generated by the me- 
dium drive SAM 260 and the SAMJD of the medium 
SAM 133. 

[0711] The overall operation of the EMD system 1 00 
shown in Fig. 1 is described below with reference to the 

flow chart of Fig. 80. 

[0712] In step SI , after the content provider 101 per- 
forms predetermined registration, the EMD sen/ice 
center 1 02 sends the public key certificate CERcp of the 
public key data Kcpp of the content provider 1 01 . 
[0713] After the SAMs 105i through 1064 perfomn 
predetermined registration processing, the EMD sen/ice 
center 102 also sends the public key certificates 
CERcpi through CERcp4 the public key data Ksami.p 
through KSAM4.P of the SAMs 105^ through 1064, re- 
spectively. 

[0714] After conducting mutual authentication, the 
EMD service center 1 02 sends the license key data KD^ 
through KD3 for three months, each having a one-month 
effective period, to the SAMs 105^ through 105^ of the 
user home network 103. 

[071 5] In this manner, in the EMD system 1 00, the li- 
cense key data KD^ through KD3 are distributed to the 
SAMs 105^ through 1064 in advance. This enables the 
SAMs lOSi through 106410 purchase and utilize the se- 
cure container 1 04 distributed from the content provider 
101 by decoding the secure container 104 even while 
the SAMs 1 05i through 1 064 are disconnected from the 
EMD service center 1 02. In this case, the purchase and 
usage log is recorded in the usage log data 108, which 



• is then automatically sent to the EM D service center 1 02 
when the SAMs 105^ through 1064 are connected to the 
EMD service center 1 02. it is thus possible for the EMD 
service center 102 to reliably perform settlement 
5 processing. If the EMD service center 1 02 does not re- 
ceive the usage log data 1 08 in a predetermined period, 
it is able to make the corresponding SAM invalid in the 
revocation' list. The UCS data 166 is transmitted basi- 
cally in real time from the SAMs lOS^ through 1064 to 
10 the EMD service center 1 02. 

[0716] In step S2, after performing mutual authentica- 
tion with the EMD service center 102, the content pro- 
vider 1 01 authorizes the UCP data 106 and the content 
key data Kc by registering them in the EMD service cent- 
15 er 102. The EMD service center 102 also creates the 
key file KF for six months and sends it to the content 
provider 101. 

[0717] In step S3, the content provider 101 creates 
the content file CF and the signature data SIGg.cP there- 
to for, shown!in Fig. 3A, and the key file KF and the signa- 
ture data SIG7 CP therefor, shown in Fig. 3B. The content 
provider 101 then sends the secure container 104 in 
which the above-described files and data, and the pub- 
lic-key certificate data CERcp and the signature data 
25 SIG1 ESC therefor, shown in Fig. 3C, are stored, to the 
SAMs 105i through 1 064 of the user home network 1 03 
online or offline. 

[0718] In sending the secure container 104 online, a 
specific protocol for the content provider 1 01 is used to 
30 distribute the secure container 1 04 from the content pro- 
vider 101 to the user home network 103 in the format 
independent of the protocol (I.e., data to be transmitted 
by using a predetermined layer of a communication pro- 
tocol consisting of a plurality of layers). In sending the 
35 secure container 1 04 offline, the secure container 1 04 
is stored in a recording medium (ROM or RAM) and is 
sent from the content provider 1 01 to the user home net- 
work 103. 

[0719] Then, in step S4, the SAMs 105^ through IO54 
40 of the user home network 1 03 check the signature data 
SlGe CP. SIG7 CP. and SIGK^ ^sc W'^^in the secure con- 
tainer 104 distributed from the content provider 101 so 
as to verify the integrity of the creators and senders of 
the content file CF and the key file KF. Thereafter, the 
45 SAMs 105i through 1064 decode the key f ile KF by using 
the license key data KD^ through KDg of corresponding 
periods. 

[0720] Subsequently, in step 35, in the SAMs 105^ 
through 1064.. the purchase and usage modes are de- 
50 termined based on the internal interrupt SB1 0 from the 
host CPU 810 according to the user's operation on the 
operation. unit 185 shown in Fig. 22. 
[0721] In this case, the usage monitor 186 shown in 
Fig. 37 manages the purchase and usage modes of the 
55 content file CF selected by the user based on the UCP 
data 1 06 stored in the secure container 104. 
[0722] In step SB. the accounting processors 187 of 
the SAMs 105^ through 1064 shown in Fig. 37 create 
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the usage log data 108 and the UCS data 166 in which 
the purchase and usage modes are recorded, and send 
them to the EMD service center 102. 
[0723] In step S7, the EMD service center 102 exe- 
cutes accounting processing based on the usage log da- 
ta 108, and creates the settlement request data 152 and 
the settlement report data 1 07. The EMD service center 
1 02 sends the settlement request data 1 52 and the sig- 
nature data SIG99 therefor, to the settlement organiza- 
tion 91 via the payment gateway 90 shown in Fig. 1 . The 
EMD service center 1 02 also sends the settlement re- 
port data 1 07 to the content provider 101 . 
[0724] Then, in step SB, after verifying the signature 
data SIG99, the settlement organization 91 distributes 
the payment made by the user to content rights holders, 
such as the content provider 1 01 , based on the settle- 
ment report data 152. 

[0725] As described above, in the EMD system 100, 
the secure container 1 04 shown in Figs. 3A through 3C 
Is distributed from the content provider 1 01 to the user 
home network 1 03, and the key file KF within the secure 
container 104 Is processed In the SAMs 105.| through 
1054. 

[0726] The content key data Kc and the UCP data 1 06 
stored in the key file KF are encrypted with the license 
key data KD^ through KD3, and are decrypted only In 
the SAMs 105^ through 1 064 which hold the license key 
data KD^ through KD3. The SAMs 105^ through lOS^ 
are tamper-resistant hardware in which the purchase 
and usage modes of the content data C are determined 
based on the handling contents of the content data C 
recorded In the UCP data 106, 

[0727] Therefore, according to the EMD system 100, 
the content data C can be reliably purchased and uti- 
lized in the user home network 103 based on the UCP 
data 1 06 created by the content provider 101 or a con- 
tent-rights holder. 

[0728] Additionally, in the EMD system 100, the con- 
tent data C may be distributed from the content provider 
101 to the user home network 103 online or offline by 
storing it in the secure container 104. In this case, the 
rights processing of the content data C in the SAMs 105., 
through 1 064 are not influenced by whether the content 
data C is sent online or offline. 

[0729] In the EMD system 100, In purchasing, utiliz- 
ing, recording, and transferring the content data C in the 
network device 160., and the AA/ machines I6O2 
through I6O4 within the user home network 103, 
processing is always executed based on the UCP data 
106. Thus, rights processing rules In co'mmon to the 
whole user home network 103 can be established. 
[0730] Fig. 81 Illustrates an example of protocols for 
distributing the secure container 1 04 used In the first 
embodiment. ; 
[0731] In the multiple processor system (EMD sys- 
tem) 1 00, as illustrated in Fig. 81 , as protdcols for deliv- 
ering the secure container 1 04 from the content provider 
101 to the user home network 103, TCP/IP and XML/ 



SMIL, for example, are used. 

[0732] As protocols for transferring the secure con- 
tainer 104 between the SAMs of the user home network 
103 or between the user home networks 103 and 103a, 
5 for example, XML/SMIL which is constructed on a 
1394-serial bus/interface is used. In this case, the se- 
cure container 1 04 may be stored in a recording medium 
(ROM or RAM) and distributed between the SAMS. 



[0733] In the first embodiment, the content data Is di- 
rectly distributed from the content provider 101 to the 
SAMs 1 05-, through 1 064 of the user home network 1 03 . 
In the second embodiment, the content data is distrib- 
uted from a content provider to SAMs of a user home 
network via a service provider. 

[0734] Fig. 82 is a block diagram illustrating an EMD 
service system 300 of the second embodiment. 
[0735] The EMD service center 300 includes, as 
shown In Fig. 82, a content provider 301 , an EMD serv- 
ice center 302, a user home network 303, a service pro- 
vider 31 0, a payment gateway 90, and a settlement or- 
ganization 91 .. 

[0736] The content provider 301, the EMD service 
center 302, the SAMs 305^ through 3054, and the serv- 
ice provider 31 0 respectively correspond to a data pro- 
viding apparatus, a management apparatus, a data 
processing apparatus, and a data distribution apparatus 
of the present invention. 

[0737] The content provider 301 is similar to the con- 
tent provider 101 of the first embodiment except that it 
supplies content data to the service provider 310. 
[0738] The EMD service center 302 is similar to the 
EMD service center 1 02 of the first embodiment except 
that It exercises an authentication function, a key-data 
management function, and a rights processing function, 
not only forthecontent provider 101 and the SAMs 305^ 
through 3064, but also for the service provider 301 . 
[0739] The user home network 303 Includes a net- 
work device 360^ and AA/ machines 36O2 through 36O4. 
The network device 360., integrates a SAM 305., and a 
OA module 311 therein, and the A/V machines 36O2 
through 36O4 integrate SAMs 3052 through 3064 therein . 
[0740] The SAMs 305i through 3064 are similar to the 
SAMs 105^ through IO54, respectively, of the first em- 
bodiment, except that they receive a secure container 
304 from the service provider 310, and verify signature 
data of the content provider 301 and the service provider 
31 0, and also create service-provider (SP) purchase log 
data (data for a data distribution apparatus) 309 for the 
service provider 31 0. 

[0741] An overview of the EMD system 300 Is as fol- 
lows. 

[0742] In the EMD system 300, the content provider 
301 transmits the content key data Kc and the UCP data 
106, which is similar to that of the first embodiment and 
which Indicates the rights of the content data, such as 
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license agreement conditions of the content data C to 
be provided, to the EMD service center 302. which is a 
highly reliable authorizing organization. The UCP data 
1 06 and the content key data Kc are authorized (authen- 
ticated) by being registered in the EMD service center 
302. 

[0743] The content provider 301 encrypts the content 
data C with the content key data Kc so as to create the 
content file CR The content provider 301 receives a key 
file KF for six months for each content file CF fronn the 
EIVID service center 302. 

[0744] The key file KF contains signature data for ver- 
ifying the integrity of the key file KF and integrity of the 
creator and the sender of the key file KF. 
[0745] The content provider 301 then supplies the se- 
cure container 104 shown in Figs. 3A through 3C in 
which the content file CF, the key file KF, and the signa- 
ture data are stored to the service provider 310 offline 
via a recording medium or online via a network, such as 
the Internet, a digital broadcast, or by using an unofficial 
protocol. 

[0746] The signature data stored in the secure con- 
tainer 1 04 is used for verifying the integrity of the corre- 
sponding data and the integrity of the creator and the 
sender of the data. 

[0747] Upon receiving the secure container 1 04 from 
the content provider 301. the service provider 310 
checks the signature data so as to verify the integrity of 
the creator and the sender of the secure container 1 04. 
[0748] The service provider 31 0 then creates price tag 
data (PT) 31 2 obtained by adding a price for the services 
given by the service provider 310, such as authoring 
services, to the SRP, which has been reported to the 
service provider 31 0 offline, desired by the content pro- 
vider 301. 

[0749] The service provider 310 then extracts the con- 
tent file CF and the key file from the secure container 
1 04 and creates the secure container 304 in which the 
content file CF, the key file KF, the price tag data 312, 
and signature data Kgps therefor are stored. 
[0750] The key file KF Is encrypted with the license 
key data KD^ through KDg, and the service provider 31 0 
is unable to see the contentof the key file KF or overwrite 
it since it does not own the license key data KD^ through 
KDg. 

[0751] The EMD service center 302 also authorizes 
the price tag data 312 by registering it. 
[0752] The service provider 31 0 distributes the secure 
container 304 to the user home network 303 online or 
offline. If the secure container 304 is supplied offline, it 
is recorded on a recording medium (ROM) and is directly 
supplied to the SAMs 305^ through 3064. If the secure 
container 304 is supplied online, the service provider 
310 first performs mutual authentication with the CA 
module 311 , and encrypts the secure container 304 by 
using the session key data Kqes and sends it. The CA 
module 311 receives the encrypted secure container 
304 and decrypts it by using the session key data Kqes- 



and then transfers it to the SAMs 305-, through 3064. 
[0753] In; this case, as communication protocols for 
sending the secure container 304 from the content pro- 
vider 301 to the user home network 303, MHEG is used 
5 for a digital broadcast, and XMUSMIL/HTML is used for 
the Internet. The secure container 304 is embedded 
within the corresponding protocol according to a tun- 
neling technique without depending on the communica- 
tion protocol (coding method). 
10 [0754] Accordingly, the format of the secure container 
304 does not have to match the communication proto- 
col, thereby increasing the flexibility in selecting the for- 
mat of the secure container 304. 
[0755] Subsequently, the SAMs 305^ through 3064 
15 check the Signature data stored In the secure container 
304 so as to verify the integrity of the creator and the 
sender of the content file CF and the key file KF stored 
in the secure container 304. The SAMs 305i through 
3054 then decode the key file KF by using the license 
20 key data KD^ through KD3 of corresponding periods dis- 
tributed from the EMD service center.302. 
[0756] ln= the network devtee 360., and the AA/ ma- 
chines 36O2 through 36O4, the purchase and usage 
modes ofthe secure container304suppliedto the SAMs 
25 305t through 3064 are determined according to the us- 
er's operation, and the secure container 304 is then 
ready to be played back or recorded on a recording me- 
dium. 

[0757] The SAMs 305., through 3064 record the pur- 
30 chase and usage log of the secure container 304 as the 
usage log data 308. The usage log data (log data or a 
management-apparatus log data) 308 is sent from the 
user home network 303 to the EMD service center 302 
in response to, for example, a request from the EMD 
35 service center 302. 

[0758] Upon detenmining the purchase nnode of the 
content, the SAMs 305i through 3064 send the UCS da- 
ta 1 66 indicating the purchase mode to the EMD service 
center 302. 

40 [0759] The EMD service center 302 determines (cal- 
culates) the accounting content for each of the content 
provider 301 and the service provider 31 0 based on the 
usage log data 308, and settles the account, based on 
the calculated accounting content, by using the settle- 
45 ment organization 91 , such as a bank, via the payment 
gateway 90. According to this settlement, the payment 
made by the user of the user home network 303 to the 
settlement organization 91 is given to the content pro- 
vider 301 and the service provider 31 0 by the settlement 
so processing performed by the EMD setvice center 302. 
[0760] In this embodiment, the EMD service center 
302 has ari authentication function, a key-data manage- 
ment function, and a rights processing (profit distribu- 
tion) function. 

55 [0761] lOlore specifically, the EMD service center 302 
serves as a second certifying authority located at a layer 
lower thart the root certifying authority 92, which is the 
neutral supreme authority, and authenticates public key 



BNSDOCID: <EP 11304S2A2J_> 



46 



91 

data by attaching a signature to the public-key certificate 
data of the public key data by using private key data of 
the EMD service center 1 02. The public key data is used 
for verifying the integrity of the signature data in the con- 
tent provider 301, the service provider 310, and the 
SAMs 305^ through 3054. As stated above, the EMD 
service center 1 02 registers and authorizes the UCP da- 
ta 106 of the content provider 301 , the content key data 
Kc, and the price tag data 312 of the service provider 
310, which is also part of the authentication function of 
the EMD service center 302. 

[0762] The EMD service center 302 also has the key- 
data nnanagement function of managing key data, such 
as license key data KD^ through KDg. 
[0763] The EMD service center 302 also has the fol- 
lowing rights processing (profit distribution) function. 
The EMD service center 302 settles the account for the 
purchase and usage of the content made by the user 
based on the UCP data 106 registered by the content 
provider 301, the usage log data 308 input from the 
SAMs 305^ through 3064, and the price tag data 312 
registered by the service provider 310. and distributes 
the payment made by the user to the content provider 
301 and the service provider 31 0. i 
[0764] Details of the individual elennents of the con- 
tent provider 301 are as follows. ; 

[Content provider 301] 

[0765] The content provider 301 is similar to the con- 
tent provider 101 of the first embodiment except that it 
supplies the secure container 104 shown in Figs. 3A 
through 3C to the service provider 31 0 online or offline. 
[0766] That is, the content provider 301 creates the 
secure container 104 and inserts it into a product dis- 
tributing protocol for the content provider according to 
the process shown in Figs. 17 through 19* 
[0767] The service provider 310 then downloads the 
secure container 1 04 and extracts it from the protocol. 

[Service provider 310] 

[0768] The service provider 31 0 creates the secure 
container 304 in which the content file OF and the key 
file KF supplied from the content provider 301 and the 
price tag data 312 are stored, and distributes it to the 
network device 360^ and the AA/ machines 36O2 
through 36O4 of the user home network 303 online or 
offline. 

[0769] The services by the service provider 3 1 0 to the 
distribution of the content are largely divided Into two 
types, i.e., independent services and dependent servic- 
es. 

[0770] The independent services are | downloading 
services for Individually distributing the contents. The 
dependent services are services for distributing the con- 
tent together with programs or commercials (CM), for 
example, supplying the content of a theme song of a 
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drama program by inserting it in a drama program 
stream. This enables the user to purchase the content 
stored in the stream while watching the drama program. 
[0771] Upon receiving the secure container 104 from 

5 the content provider 301 , the service provider 31 0 cre- 
ates the secure container 304 according to the following 
process. 

[0772] A description is now given, with reference to 
the flow chart of Fig. 83, of the process of creating the 

10 secure container 304 from the secure container 1 04 re- 
ceived from the content provider 301 and distributing it 
to the user home network 303. 

[0773] In step S83-1, the service provider 310 re- 
ceives the secure container 104 shown in Figs. 3A 
^5 through 3C-f rom the content provider 301 online or of- 
fline, and stores it, 

[0774] If the secure container 104 Is sent online, the 
secure container 104 is decoded by using the session 
key data Kg^s obtained by mutual authentication be- 
20 tween the content provider 301 and the service provider 
310. 

[0775] In step S83-2, the service provider 31 0 verifies 
the integrity of the signature data SIG.| ^sc shown in Fig. 
3C of the secure container 104 by using the public key 

25 data K^scp EMD service center 302, and then, 

extracts the public key data Kcp,p from the public- key 
certificate data CERcp shown in Fig. 3C. 
[0776] The service provider 310 then checks the sig- 
nature data SIGg Qp and SIG7 Qp shown in Figs. 3A and 

30 3B, respectively, of the secure container 104 by using 
the extracted public key data Kcr.p so as to verify the 
integrity of the creator and the sender of the content file 
CF and the sender of the key file KF. 
[0777] The service provider 31 0 also checks the sig- 

35 nature data SIG^., ^sc stored in the key file KF shown 
in Fig. 3B by using the public key data K^scp ^s to 
verify the Integrity of the creator of the key file KF. This 
also verifies the official registration of the key file in the 
EMD service center 102. 

40 [0778] Thereafter, in step S83-3, the service provider 
310 creates the price tag data 312 obtained by adding 
a price forthe services of the service provider 310 to the 
RSP desired by the content provider 301 which has 
been reported from the content provider 301 offline. 

45 [0779] The service provider 31 0 also creates signa- 
ture data SIGgg.sp, SIGgasp, and SIGg4 3p ^^^^ 
hash values of the content file CF, the key file KF, and 
the price tag data 312, respectively, by using the private 
key data Kspp of the service provider 310. 

so [0780] The signature data SIGg2.sp is used for verify- 
ing the Integrity of the sender of the content file CF, the 
signature data SIGe3 gp is used for verifying the sender 
of the key file KF, and the signature data SIGg^gp 's 
used for verifying the creator and the sender of the price 

55 tag data 312. 

[0781] The service provider 31 0 then creates the se- 
cure container 304 in which the content file CF and the 
signature data SIGg Qp and SIG62.sp therefor, shown in 
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Fig. 84A, the key file KF and the signature data SIG7 cp 
and SIGea.Esc therefor, shown in Fig. 84B, the price tag 
data 312 and the signature data S1G64_sp therefor, 
shown in Fig. 84C. and the public-key certificate data 
CERsp and the signature data SIGs^ esc therefor and 
the public-key certificate data CERcr and the signature 
data SIG^ esc therefor, shown in Fig. 84D, are stored, 
and then stores the created secure container 304 in a 
secure container database. 

[0782] The secure container 304 stored in the secure 

container database is centrally managed by the service 
provider 310 by using, for example, the content ID. 
[0783] Fig. 84A Illustrates the configuration of the con- 
tent file CF when a DSP is used as an AA/ compression/ 
decompression device for decompressing the content 
data C. The DSP decompresses the content data C 
within the secure container 104, and also embeds and 
detects digital watermark information by using AA/ de- 
compression software and a digital watermark informa- 
tion module within the secure container 304. This ena- 
bles the content provider 301 to employ a desired com- 
pression method and a digital-watemiark embedding 
method. 

[0784] If hardware or prestored software is used as 
an AA/ compression/decompression device for decom- 
pressing the content data C and for embedding and de- 
tecting digital watermark information, the AN decom- 
pression software and the digital watermark information 
module may not be stored within the content file CF 
[0785] Then, in step 883-4, the service provider 31 0 
reads the secure container 304 from the secure contain- 
er database in response to a requestfrom the user home 
network 303. 

[0786] In this case, the secure container 304 may be 
a composite container In which a plurality of content files 
CF and a plurality of corresponding key files KF are 
stored. For example, in a single secure container 304, 
a plurality of content files CF concerning a piece of mu- 
sic, a video clip, a word card, a liner note, and a jacket 
may be stored. The plurality of content files CF may be 
stored within the secure container 304 in a directory 
structure. 

[0787] If the secure container 304 is sent via a digital 
broadcast, the MHEG protocol is employed. If the se- 
cure container 304 is sent via the Internet, the XML/ 
SMIL/HTML protocol is employed. 
[0788] In this case, the content file CF and the key file 
KF within the secure container 104 are stored in a pre- 
detennined layer of a communication protocol which is 
employed between the service provider 310 and the us- 
er home network 303 without being dependent on the 
coding method, such as the MHEG or HTML protocol. 
[0789] For example, if the secure container 304 is 
sent via a digital broadcast, as shown in Fig. 85, the con- 
tent file CF is stored as MHEG content data within a 
MHEG object. 
[0790] A MHEG object which is a moving picture is 
stored in a packetized elementary stream (PES)-video 



in the transport layer protocol, a MHEG object which is 
sound is stored in PES-audio in the transport layer pro- 
tocol, and a MHEG object which is a still image is stored 
in Private-Data. 
5 [0791 ] The key file KF, the price tag data 31 2, and the 
public-key certificate data CERcp. CERsp are stored, 
as shown in Fig. 86, in entitlement control message 
(ECM) within a TS packet of the transport layer protocol . 
[0792] The content file CF, the key file KF, the price 
10 tag data 31 2, and the public-key certif icate data CERqp, 
CERsp are. linked by the directory structure data DSD^ 
within the Header of the content file CR 
[0793] The service provider 31 0 then supplies the se- 
cure container 304 to the user home network 303 online 
15 and/or offline. 

[0794] If the secure container 304 is distributed to the 
network deS/ice 360^ of the user home network 303, the 
service provider 31 0 encrypts the secure container 304 
by using the session key data Kses after performing mu- 
20 tual authentication, and then distributes it to the network 
device 360.| via a network. 

[0795] If the secure container 304 is broadcast via a 
satellite, the sen/ice provider 310 encrypts the secure 
container 304 with scrambling key data Kscr- The 
25 scrambling key data Kscr 's also encrypted with work 
key data Kw, and the work key data Kw is encrypted 
with master key data K^^. 

[0796] The service provider 310 then sends the 
scrambling key data Kqcr and the work key data K^ 
30 together with the secure container 304 to the user home 
network 3ci3 via a satellite. The service provider 31 0 al- 
so distributes the master key data Kw by storing it In, for 
example, an IC card, to the user home network 303 of- 
fline. 

35 [0797] Upon receiving the SP purchase log data 309 
concerning the content data C from the user home net- 
work 303, the service provider 310 stores It. 
[0798] In determining future services, the service pro- 
vider 310 fefers to the SP purchase log data 309. The 
40 service provider 31 0 also analyzes, based on the pur- 
chase logidata 309, the user's favorites of the SAMs 
305i through 3064 which have sent the SP purchase log 
data 309, and then creates user favorite filer data 900 
and sends it to the CA module 311 of the user home 
45 network 303. 

[0799] The service provider 31 0 or a service-provider 
related organization registers in the EMD service center 
302 offline, and acquires a globally unique identifier 
SPJD by using an ID certificate of the service provider 
50 310 or a; bank account for performing settlement 
processing. 

[0800] The service provider 310 also authorizes the 
price tag data 312 by registering it in the EMD service 
center 302. 

55 

[EMD service center 302] 



[0801] As discussed above, the EMD service center 
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302 serves as a certifying authority (CA), a key manage- 
ment authority, and a rights processing (rights clearing) 
authority. 

[0802] Fig. 87 Illustrates the major functions of the 

EMD service center 302. The EMD service center 302 
perfonns processing, as illustrated In Fig. 87, such as 
supplying the license l<ey data to the content provider 
301 and the SAMs 305^ through 3064, Issuing the pub- 
lic-key certificate data CERcp, CER^p, and CERsami 
through CER3;^|^4, creating the key file KF, and settle- 
ment processing (profits distribution) based on the us- 
age log data 308. > 
[0803] Among the above-described functions, supply- 
ing the license key data, Issuing the public-key certifi- 
cate data CERcp and CERsami through CERsam4« 
creating the key file KF are similar to those of the EMD 
service center 102 of the first embodiment. 
[0804] Unlike the EMD sen/ice center 1 02, however, 
Ihe EMD service center 302 issues the public-key cer- 
tificate data CERsp of the service provider 31 0, and also 
distributes, based on the usage log data 308, the profits 
obtained by the purchase of the content data C in the 
SAMs 305., through 3064 to the content provider 301, 
content-provider rights holders, the service provider 
310, and service-provider rights holders. 
[0805] The contents of the usage log data 308 may 
be those shown in Fig. 21 . 

[0806] The EMD service center 302 also creates the 
user favorite filter data 900 for selecting content data C 
according to the user's favorites of the SAMs 305., 
through 3054 which have sent the usage log data 308. 
and sends It to the SAMs 305^ th rough 3054 via the SAM 
manager 149. 

[User home network 303] 

[0807] The user home network 303 ; includes, as 
shown in Fig. 82, the network device 360^ and the A/V 
machines 36O2 through 36O4. 

[0808] The network device 360., integrates the CA 
module 311 and the SAM 305., therein. The AA/ ma- 
chines 36O2 through 36O4 integrate the SAMs SOSg 
through 3064, respectively. The SAMs 305., through 
3054 are connected to each other via the bus 1 91 , such 
as a 1394-serial interface bus. 

[0809] The AA/ machines 36O2 through 36O4 may be 
provided with a network communication function, 
though it is not essential. If a network communication 
function is not provided, the AA/ machines 36O2 through 
36O4 may simply use the network communication func- 
tion of the network device 360^ via the bus 191. Alter- 
natively, the user home network 303 may include only 
A/V machines without a network function.; 
[0810] Details of the network device 360., are as fol- 
lows. 

[0811] Fig. 88 is a block diagram illustrating the net- 
work device 360^. The network device 380., includes, 
as shown in Fig. 88, the communication module 162, 



the CA module 311, a decoding module 905, the SAM 
305^, the A/V compression/decompression SAM 163, 
the operation unit 165, the download memory 167, the 
playback module 1 69, the external memory 201 , and the 

5 host CPU 810. The same elements as those shown in 
Fig. 22 are designated with like reference numerals. 
[0812] The communication module 162 perfomns 
processing for communicating with the service provider 
310. More specifically, the communication module 162 

10 outputs the secure container 304 received from the 
service provider 31 0 via, for example, a satellite broad- 
cast, to the decoding module 905. The communication 
module 1 62 also outputs the user favorite filter data 900 
received from the service provider 31 0 via, for example, 

75 a telephone line, to the CA module 311 , and also sends 
the SP purchase log data 309 received from the CA 
module 31 1 to the service provider 31 0 via, for example, 
a telephone line. 

[0813] Fig. 89 is a functional block illustrating the CA 

20 module 311 and the decoding module 905. 

[0814] The CA module 31 1 includes, as shown in Fig. 
89, a mutual authentication unit 906, a storage unit 907, 
an encryption/decryption unit 908, and a SP purchase 
log data generator 909. 

25 [0815] In sending and receiving data between the CA 
module 31 1 and the service provider31 0 via a telephone 
line, the mutual authentication unit 906 performs mutual 
authentication with the service provider31 0 so as to cre- 
ate the session key data ^sbs outputs it to the en- 

30 cryption/decryptlon unit 908. 

[081 6] The storage unit 907 stores the master key da- 
ta supplied offline from the service provider 310 by 
being stored in an IC card 912 afterthe service provider 
31 0 has made a contract with the user. 

35 [0817] The encryption/decryption unit 908 receives 
the encrypted scrambling key data Ks^p and work key 
data Kw from a decoder 910 of the decoding module 
905, and decrypts the work key data Kw by using the 
master key data Kf^ read from the storage unit 907. The 

40 encryption/decryption unit 908 then decrypts the scram- 
bling key data K^cn using the decrypted work key 
data Kyy,, and outputs it to the decoder 910. 
[0818] The encryption/decryption unit 908 also de- 
crypts the user favorite filter data 900 received from the 

45 service provider 310 by the communication module 162 
via, for example, a telephone line, by using the session 
key data Kqes ^^om the mutual authentication unit 906, 
and outputs it to a secure-container selection unit 911 
of the decoding module 905. 

50 [0819] The encryption/decryption unit 908 decrypts 
the SP purchase log data 309 received from the SP pur- 
chase log data generator 909 by using the session key 
data KsEs ^^^^ mutual authentication unit 906, and 
sends It to the service provider 310 via the communica- 

55 tion module 162. 

[0820] The SP purchase log data generator 909 gen- 
erates the SP purchase log data 309 indicating the pur- 
chase log of the content data C unique to the service 
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provider 310 based on the operation signal S165 ob- 
tained by performing the user's operation on the opera- 
tion unit 1 65 shown In Fig. 88, or based on the DCS data 
1 66 from the SAM 305^ . The SP purchase log data gen- 
erator 909 then outputs the SP purchase log data 309 
to the encryption/decryption unit 908, 
[0821] The SP purchase log data 309 includes infor- 
mation on distribution services of the sen/ice provider 
310 reflecting the user's opinion, a monthly basic fee 
(incurred by using a network), contract (update) infor- 
mation, and purchase log information. 
[08221 The CA module 31 1 communicates with an ac- 
count database of the service provider 31 0, if the service 
provider 310 has an accounting function, a client man- 
agement database, and a marketing information data- 
base. In this case, the CA module 311 sends account 
data for distribution services of the content data to the 
service provider 310. 

[0823] The decoding module 905 includes the decod- 
er 91 0 and the secure-container selection unit 911 . 
[0824] The decoder 910 receives the encrypted se- 
cure container 304, the scrambling key data Kscr> and 
the work key data from the communication module 
162. The decoder 910 then outputs the encrypted 
scrambling key data Kscr and the work key data Kw to 
the encryption/decryption unit 908 of the CA module 31 1 
and receives the decrypted scrambling key data Kqcr 
from the encryption/decryption unit 908. The decoder 
910 also decrypts the encrypted secure container 304 
by using the scrambling key data Kscr- and then outputs 
it to the secure-container selection unit 911 . 
[0825] If the secure container 304 is sent from the 
service provider 310 according to the MPEG2 transport 
stream method, the decoder 910 extracts the scram- 
bling key data Kscr from the ECM of theTS Packet, and 
extracts the work key data from the EMM. 
[0826] The ECM-also contains program attribute in- 
formation of each channel. The EMM also contains 
demonstration contract information of each user (view- 
er). 

[0827] The secure-container selection unit 911 filters 
the secure container 304 received from the decoder 91 0 
by using the user favorite filter data 900 received from 
the CA module 311 so as to select the secure container 
1 04 according to the user's favorite, and outputs it to the 
SAM 305y 

[0828] The SAM 305^ is discussed in detail below. 
[0829] The functions and the structure of the SAM 
305i are basically similar to those of the SAM lOS^ of 
the first embodiment described with reference to Figs. 
22 through 72, except that it perfonns processingfor not 
only the content provider 301. but also for the service 
provider 310. such as checking the signatures for the 
service provider 310. 

[0830] The SAMs 305^ through SOB^ are modules for 
performing accounting for each content and communi- 
cating with the EMD service center 302. 
[0831] The configuration of the user home network 



104 shown in Fig. 63 is applicable to the devices within 
the user home network 303. The configurations of the 
rights processing SAM. the medium SAM 133, the A/V 
compression/decompression SAM 163, and the medi- 
5 um drive SAM 260 described with reference to Figs. 68 
to 79 are applicable to the SAMs 305^ through 3064 
within the user home network 303. 
[0832] The SAMs 3052 through 3054 basically have 
the same functions as the SAM SOS^.. 
10 [0833] Details of the functions of the SAM 305^ are as 
follows. i 

[0834] Fig. 90 is a block diagram illustrating the func- 
tions of the SAM 305i. and also illustrates the flow of 
data relating to processing for receiving the secure con- 
15 tainer 304 from the service provider 310. 

[0835] The SAM 305^ includes, as shown in Fig. 90, 
a mutual authentication unit 170, encryption/decryption 
units 171 , 172, and 173, a download memory manager 
182, an AA/ compression/decompression SAM manag- 
20 er 184, an EMD service center manager 185, a usage 
monitor 186, a SAM manager 190, a storage unit 192, 
a medium SAM manager 197. a work memory 200, a 
service provider manager 580, an accounting processor 
587, a signature processor 589, an external memory 
25 rnanager 811 , and a CPU 1100. 

[0836] As in the case of the SAM 1 05^ . predetemnined 
function of the SAM 305^ shown in Fig. 90 are imple- 
mented by executing the private program by the CPU. 
[0837] In Fig. 90, the same functional blocks as those 
30 shown in Fig. 30 are designated with like reference nu- 
merals. 

[0838] In: the external memory 201 shown In Fig. 88, 
the usage log data 308 and the SAM registration list are 
stored by executing the processing discussed in the first 
35 embodiment and processing, which Is discussed below. 
[0839] In the work memory 200, as shown in Fig. 91 . 
the content key data Kc, the UC P data 1 06, the lock key 
data Kloc ^he storage unit 1 92, the public-key certif- 
icate data CERcp of the content provider 301 , the pub- 
40 lie-key certificate data CERsp of the service provider 
310, the UCS data 166, the SAM program download 
containers'SDCi through SDC3. and the price tag data 
312. 

[0840] Among the functional blocks of the SAM 305i, 
45 only the functional blocks unique to the second embod- 
iment in Fig. 90 are explained below. 
[0841] The signature processor 589 verifies the sig- 
nature data within the secure container 304 by using the 
public key data Kesc.p ^^D service center 302, 

50 the public key data Kcp.p of the content provider 301 . 
and the public key dataksp.R of the service provider 31 0, 
all of which are read from the storage unit 192 or the 
work memory 200. 

[0842] When the CPU 1100 receives the internal in- 
55 terrupt S81 0 from the host CPU 81 0 in accordance with 
the user's operation, as shown in Fig. 92, the accounting 
processor 587 performs accounting processing under 
the control of the CPU 1 1 00 in accordance with the con- 
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tent purchase and usage modes of the content based 
on the price tag data 312 read from the work memory 
200. 

[0843] The price tag data 312, which indicates the 
sales price of the content data to the user, is output to 
the exterior of the SAM 305^ via predetermined output 
means in determining the purchase mode of the content 
data by the user. 

[0644] The accounting processing by the accounting 
processor 587 is executed based on the' contents of 
rights, such as the licensing agreement conditions indi- 
cated by the UCP data 1 06, and the UCS data 1 66, un- 
der the monitoring of the usage monitor 1 86. That is, the 
user is able to purchase and utilize the content within 
the allowances of the rights. 

[0B45] In performing the accounting processing, the 
accounting processor 587 creates or updates the usage 
log data 308. and writes it into the external memory 201 
via the exlernal memory manager 811 . 
[0846] The usage log data 308, as well as the usage 
log data 108 used In the first embodiment, Is used for 
determining the payment of the license fee for the se- 
cure container 304 by the EMD service center 302. 
[0847] The accounting processor 587 also creates the 
UCS data 166 indicating the purchase: and usage 
modes of the content determined by the user under the 
control of the CPU 1 1 00, and writes it into the work mem- 
ory 200. 

[0848] The purchase modes of the content include 
"sell through" in which no restriction is imposed on play- 
back operation by the purchaser and copying for the use 
of the purchaser, "pay per play" In which charging incurs 
every time the content is played back, and so on. 
[0849] The UCS data 1 66 is created upon determining 
the purchase mode by the user, and is used for control- 
ling the use of the content to make sure that the user 
utilizes the content within the allowances of rights. In the 
UCS data 166, the content ID, the purchase mode, the 
sell through price, the SAM_ID of the SAM which has 
purchased the content, the USERJD of the user who 
has purchased the content, and so on. 
[0850] If the determined purchase mode is "pay per 
play", "pay per SCMS", or "pay per copy N without copy 
guard", the SAM 305^ sends the UCS datia 166 to the 
service provider 310 In real time, and the service pro- 
vider 31 0 instructs the EMD service center 302 to obtain 
the usage log data 308 from the SAM 305^ . 
[0851] If the determined purchase mode is "sell 
through", the UCS data 166 is sent to the service pro- 
vider 31 0 and the EMD service center 302 in real time. 
[0852] In the SAM 305^, as illustrated in! Fig. 90, the 
user favorite filter data 900 received from the EMD serv- 
ice center 302 via the EMD service center manager 1 85 
is output to the service provider manager 580. Then, in 
the service provider manager 580, the secure container 
304, which has been received from the decoding mod- 
ule 905 shown in Fig. 89 and filtered based on the user 
favorite filter data 900, is selected, and the selected se- 



cure container 304 is output to the download memory 
manager 182. This enables the SAM 305^ to select the 
content data C according to the user's favorite, based 
on the purchase of the content data C, obtained from all 
5 the service providers 310 which have made a contract 
with the user. 

[0853] The flows of the processes within the SAM 
305^ are as follows. 

^0 Processing to be executed when receiving license key 
data 

[0854] The flow of the process within the SAM 305^ 
for storing the license key data KD^ through KD3 re- 
^5 ceived from the EMD service center 302 in the storage 
unit 1 92 is similar to that of the first embodiment dis- 
cussed with reference to Fig. 35. 

Processing to be executed when receiving the secure 
20 container 304 from the service provider 31 0 

[0855] The flow of the process within the SAM 305., 

when receiving the secure container 304 from the serv- 
ice provider 31 0 is described below with reference to 
25 Fig. 93. 

[0856] In the following example, In the SAM 305^ . var- 
ious types of signature data are checked when receiving 
the secure container 304. However, the signature data 
may be checked when determining the purchase and 
30 usage modes rather than when receiving the secure 
container 304. 

[0857] In step. S93-0. the CPU 1 1 00 of the SAM 305^ 
shown in Fig. 90 receives from the host CPU 810 the 
internal interrupt S810 indicating an instruction to per- 

35 form processing for receiving the secure container. 
[0858] In step S93-1, the mutual authentication unit 
170 of the SAM 305-, shown in Fig. 90 performs mutual 
authentication with the service provider 310. 
[0859] Then, in step S93-2, the mutual authentication 

40 unit 170 of the SAM 305^ conducts mutual authentica- 
tion with the medium SAM 1 67a of the download mem- 
ory 1 67. 

[0860] In step 593-3, the secure container 304 re- 
ceived from the service provider 310 is written into the 

45 download memory 167. Simultaneously, the secure con- 
tainer 304 Is encrypted in the mutual authentication unit 
170, and is decrypted in the medium SAM 1 67a by using 
the session key data obtained in step S93-2. 
[0861] In step S93-4, the SAM 305^ decodes the se- 

50 cure container 304 by using the session key data ob- 
tained in step S93-1 . 

[0862] Subsequently, in step S93-5, the signature 
processor 589 verifies the signature data SIGg., ^gc 
shown In Fig. 84D, and then verifies the integrity of the 
55 signature data SIG62,sP' SIG63,sp> and SIG64 sp by us- 
ing the public key data Kgp p of the service provider 310 
stored in the public-key certificate data CERqp shown 
in Fig. 84D. 
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[0863] When verifying the integrity of the signature 
data SIG62SP. the integrity of the sender of the content 
file CF is verified. When verifying the integrity of the sig- 
nature data SIG63 sp. the Integrity of the sender of the 
l<ey file KF is verified. When verifying the integrity of the 
signature data SIG64.sp. the integrity of the creator and 
the sender of the price tag data 312 is verified. 
[0864] In step S93-6, the signature processor 589 ver- 
ifies the signature data SIG^ ,esc shown in Fig. 84D, and 
then, verifies the signature data SIGq qp SIG7 cp by 
using the public key data Kcp,p of the content provider 
301 stored in the public-key certificate data CERcp 
shown in Fig. 84D. 

[0865] When verifying the integrity of the signature 
data SIGe cP' the integrity of the creator and the sender 
of the content file CF is verified. When verifying the in- 
tegrity of the signature data SIG7 cp. the sender of the 
key file KF is verified. 

[0866] In step 93-7, the signature processor 589 
checks the signature data SIGki.esc within the- key file 
KF shown in Fig. 84B by using the public key data 
Kpsc p read from the storage unit 1 92 so as to verify the 
integrity of the creator of the key file KF and the official 
registration of the key file KF in the EMD service center 
302. 

[0867] Then, in step S93-8, the encryption/decryption 
unit 1 72 decrypts the content key data Kc, the UCP data 
106, and the SAM program download containers SDCi 
through SDC3 within the key file KF shown In Fig. 84B 
by using the license key data KD^ through KD3 of cor- 
responding periods read from the storage unit 192, and 
writes them into the worl< memory 200. 
[0868] In step S93-9, the CPU 1100 determines 
whether the above-described processing for receiving 
the secure container has been correctly perfomned, and 
reports the corresponding information to the host CPU 
810 through an external interrupt. 
[0869] Altematively, the CPU 11 00 may set a flag in 
the SAM status register indicating whether the above- 
described processing is suitably perfomied, and the 
host CPU 810 may-read the flag by polling. 



in the download memory 167 is basically similar to the 
processing performed by the SAM 1 05^ of the first em- 
bodiment described with reference to Fig. 40. 

Processing. to be executed when the UC S data 166 of 
one machine is utilized for r e-purchasing the content in 
another machine 



Processing for determining the pu rchase mode of 
downloaded secure container 



[0870] The processing for determining the purchase 
mode of the downloaded secure container is basically 
similar to that performed by the SAM 105^ of the first 
embodiment described with reference to Fig. 38. Ac- 
cording to this processing, the key file KFi shown in Fig. 
97C, which is discussed later, is stored in the download 
mernory 167 via the work memory 200 and the down- 
load memory manager 182. 

Playback processing of content data 

[0871] The playback processing of the content data 
C, for which the purchase mode is determined, stored 



[0872] After determining the purchase mode of the 
10 content file CF downloaded into the download memory 
167 of the network device 360.,, as shown in Fig. 94. a 
new secure container 304x storing the content file CF is 
created, and is transferred from the SAM 305i to the 
SAM 3052 of the A/V machine 36O2 via the bus 1 91 . This 
15 processing .in the SAM 305^ is discussed below with ref- 
erence to Figs. 95 and 96. 

[0873] The processing indicated by the flow chart of 
Fig. 96 is executed, assuming that the key file KF^ and 
the hash value Hki therefor shown in Fig. 97C are stored 
20 in the work memory 200 of the SAM 305^ according to 
the above-deschbed purchase processing. 
[0874] In step S96-1 , according to the user's opera- 
tion on the operation unit 1 65 shown in Figs. 88 and 94, 
the internal interrupt S810 making an instruction to 
25 transfer the secure container, for which the purchase 
mode is determined, to the SAM SOSg is output from the 
host CPU 810 to the CPU 1100 shown in Fig. 95. The 
accounting processor 587 updates the usage log data 
308 stored In the external memory 201 according to the 
30 detennined purchase mode under the control of the 
CPU 1100; ^ ^^^^ 

[0875] Iri step S96-2. the SAM 305i checks the SAM 
registratiori list discussed in the first embodiment so as 
to determine whether the SAM 3052. which receives the 
35 secure container, is officially registered. If so, the SAM 
305. executes processing of step S96-3. The SAM 305^ 
also determines whether the SAM 3052 is a SAM within 
the user home network 303. 

[0876] Then, in step S96-3, the mutual authentication 
40 unit 1 70 shares the session key data Kses obtained by 
mutual authentication with the SAM 3052- 
[0877] In step S96-4, the SAM manager 1 90 reads the 
content file CF and the signature data SiGe.cp and 
SIG7 CP shown in Fig. 84A from the download memory 
45 211 and causes the signature processor 1 89 to create 
the signature data SIG4,.sami by using the private key 
data KsAMi ^^e SAM 305i . 

[0878] In step S96-5. the SAM manager 1 90 reads the 
key file KF and the signature data SIG7 cp and SIGqs.sp 
50 shown in Fig. 84B from the download memory 211 : and 
causes the signature processor 589 to create the signa- 
ture data SIG42,SAM1 by using the private key data 
KsAMi o^the SAM 305^ 

[0879] Thereafter, in step S96-6. the SAM manager 
55 190 creates the secure container 304x shown in Figs. 
97A through 97E. 

[0880] In step S96-7, the encryption/decryption unit 
171 encrypts the secure container 304x shown in Figs. 
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97A through 97E by using the session key data K^^^ 
obtained in step S96-3. 

[0881] Then, in step S96-8, the SAM manager 190 
outputs the secure container 304x to the SAM SOSg of 
the A/V machine 36O2 shown in Fig. 94. In this case, not 
only mutual authentication between the SAMs 305^ and 
3052, ^'^0 mutual authentication of the bus 191, 
which Is an IEEE-1394 serial bus, is performed. 
[0882] In step S96-9, the CPU 1100 determines 
whether the above-described processing for transfer- 
ring the secure container 304x has been correctly per- 
formed, and reports the corresponding Information to 
the host CPU 810 through an external interrupt. 
[0883] Alternatively, the CPU 11 00 may set a register 
in the SAM status register indicating whetherthe above- 
described processing has been precisely performed, 
and the host CPU 810 may read the flag by polling. 
[0884] A description Is now given, with reference to 
Figs. 98, 99, and 100, of the flow of the process within 
the SAM 3052 when writing the secure container 304x 
shown in Figs. 97A through 97E input from the SAM 
305.| Into the recording medium (RAM) 1304, as shown 
in Fig. 94. 

[0885] Figs. 99 and 100 are a flow chart illustrating 
the above-described processing. The recording medi- 
um (RAM) 1304 includes, as shown in Fig. 14, the un- 
secured RAM area 134, the medium SAM 133, and the 
secure RAM area 132. 

[0886] In step S99-0, the CPU 1100 of the SAM 3052 
shown in Fig. 98 receives from the host CPU 810 the 
internal interrupt 381 0 Indicating an instruction to record 
the received secure container, for which the purchase 
mode is determined, on a recording medium. 
[0887] Then, In step S99-1 , the SAM SOSg checks the 
SAM registration list to determine whether the SAM 
3051 , which has sent the secure container, Is officially 
registered. If so, the SAM 3052 executes step 899-2, 
The SAM SOSg also detemnines whether the SAM 305^ 
Is a SAM within the user home network 303. 
[0888] In step S99-2, as the processing con^espond- 
Ing to step S96-3, the SAM 3052 shares session key 
data Kggs obtained by performing mutual authentication 
with the SAM 305^. 

[0889] Then, in step S99-3, the SAM manager 1 90 of 
the SAM 3052 receives, as shown in Fig. 94, the secure 
cental ner304x from the SAM 305., of the network device 
360^. 

[0890] In step S99-4, the encryption/decryption unit 
1 71 decrypts the secure container 304x received via the 
SAM manager 190 by using the session key data K^^s 
shared in step S99-2. 

[0891] Subsequently, in step S99-5, the content file 
CF within the decrypted secure container. 304x under- 
goes processing, such as sectorizing, adding a sector 
header, scrambling, ECC encoding, modulating, and 
synchronizing, by the medium drive SAM 260 shown in 
Fig. 94, and is then recorded on the RAM area 134 of 
the recording medium (RAM) I3O4. 



[0892] In step S99-6, the signature data SIGg op, 
SIG62,sp. and SIG41 sami within the secure container 
304x decrypted with the session key data Kses. the key 
file KF and the signature data SIG7 cp. SIGgasp. and 

5 SIG42 SAM1 ' *^®y KFi and the hash value H^i , the 
public key signature data CERgp and signature data 
SIGgi Esc» the public key signature data CERcp and sig- 
nature data SIG^ ESQ, and the public key signature data 
CERsAMi and signature data SIG22.ESC are written Into 

10 the work memory 200. 

[0893] In step S99-7, in the signature processor 589, 
the signature data SIGg^^g^ ^'^i.esc. ^'^22.esc 
read from the work memory 200 is checked by using the 
public key data K^scp read from the storage unit 192 

15 so as to verify the integrity of the public-key certificate 
data CERsp, CERcp, and CERsamv 
[0894] Then, In the signature processor 589, the in- 
tegrity of the signature data SIGg Qp is verified by using 
the public key data K^pp stored in the public-key certif- 

20 icate data CERqp so as to verify the integrity of the cre- 
ator of the content file CF. Also in the signature proces- 
sor 589, the integrity of the signature data S1G62,sp '® 
verified by using the public key data Kgpp stored in the 
public-key certificate data CERsp so as to verify the in- 

25 tegrity of the senderof the content file CF. Thesignature 
processor 589 verifies the integrity of the signature data 
SIG4-1 SAM1 using the public key data Ksami.p stored 
in the public-key certificate data CERg;^,^^ so as to verify 
the integrity of the sender of the content file CF. 

30 [0895] In step S99-8, In the signature processor 589, 
the integrity of the signature data SIG7 cp> SIGga sp. and 
SIG42 

SAM1 stored In the work memory 200 is verified by 
using the public key data Kcp,p, Kgpp, and Kg^Mip 
stored in the public-key certificate data CER^p, CERgp, 

35 and CERgAMi' ''®®P®ctively. 

[0896] Then, in step S99-9, in the signal processor 
589, the integrity of the signature data SIG^i esc stored 
In the key file KF shown in Fig. 97B is verified by using 
the public key data K^scp read from the storage unit 

40 1 92 so as to verify the integrity of the creator of the key 
file KF, 

[0897] In step S99-10, the signature processor 589 
checks the integrity of the hash value H^^ so as to verify 
the integrity of the creator and the sender of the key file 
45 KFi. 

[0898] In this embodiment, the creator and the sender 
of the key file KF.| are the same. However, if they are 
different, signature data for the creator and signature 
data for the sender are created, and the integrity of both 

50 signature data is verified in the signal processor 589. 
[0899] In step S99-11, the usage monitor 186 starts 
to control the purchase and usage modes of the content 
data C by using the UCS data 1 66 stored in the key file 
KFi decrypted in step S99-10. 

55 [0900] Then, in step S99-1 2, the user determines the 
purchase mode by operating the operation unit 165, and 
the corresponding operation signal SI 65 is output to the 
accounting processor 587. 
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[0901] In step S99-13, the accounting processor 587 
updates the usage log data 308 stored in the external 
memory 201 based on the operation signal S165. The 
accounting processor 587 also updates the UCS data 
1 66 according to the detemiined purchase nnode every 
time the purchase mode o1 the content data C is deter- 
mined. . 
[0902] Subsequently, in step S99-1 4, the encryption/ 
decryption unit 1 73 encrypts the UCS data 166 gener- 
ated in step S99-12 by sequentially using the storage 
key data Kstr the medium key data K^eD' the purchas- 
er key data Kp.^ read from the storage unit 192, and 
outputs the encrypted UCS data 166 to the medium 
drive SAM manager 855. 

[0903] m step 899-15, the medium drive SAM man- 
ager 856 performs processing, such as sectorizing, add- 
ing a sector header, scrambling, ECC encoding, modu- 
lating, and synchronizing, on the key file KF^ in which 
the new UCS dala 166 is stored, and records it on the 
secure RAM area 132 of the recording medium (RAM) 
1 30 

[0904] Thereafter in step S99-16, the key file KF is 
read from the work memory 200, and is written into the 
secure RAM area 132 of the recording medium (RAM) 
1 3O4 by the medium drive SAM 260 shown in Fig. 94 via 
the medium drive SAM manager 855. 
[0905] In step S99-17, the CPU 1100 determines 
whether the above-described processing has been cor- 
rectly performed, and reports the corresponding infor- 
mation to the host CPU 810 through an external inter- 
rupt. 

[0906] Alternatively, the CPU 1 1 00 may set a flag in 
the SAM status register indicating whether the above- 
described processing has been correctly performed, 
and the host CPU 810 may read the flag by polling. 
[0907] The processing for determining the purchase 
mode of the content data by a recording medium (ROM), 
and the processing for writing the content data into a 
recording medium (RAM) after the purchase mode of 
the content data is determined by a recording medium 
(ROM) are similar to those performed by the SAM 305^ 
of the first embodiment, except that the signature data 
SlGsp attached by using the private key data Ksp,p by 
the service provider 310 is checked. 
[0908] A method for Implementing the SAM SOS^ is 
similar to that of the SAM 105^ of the first embodiment. 
[0909] The configuration ot the user home network 
103 discussed In-the first embodiment is applicable to 
the devices employed In the user home network 303. In 
this case, the configurations of the first embodiment dis- 
cussed with reference to Figs. 64 through 79 are appli- 
cable to the circuit modules of the SAM 305^, the AN 
compression/decompression SAM 163, the medium 
drive SAM 260, and the medium SAM 1 33. 
[091 0] Similarly, the security functions described with 
reference to Fig. 62 are applicable to those of the EMD 
system 300, except for the content provider 101 is sub- 
stituted with the service provider 310. 



[091 1 1 The connection, models of the various devices 
in the user home network 303 are as follows. 
[0912] Fig. 1 01 illustrates an example of the connec- 
tion models of the devices in the user home network 
5 303. 

[0913] As shown in Fig. 1 01 , the network device 360^, 
and the AA/ machines 36O2 and 36O3 in the user home 
network 303 are connected to each other via the lEEE- 
1394 serial bus 191. 
10 [0914] The network device 360^ includes the external 
memory 201 , the SAM 3051 , the CA module 31 1 , the A/ 
V compression/decompression SAM 163, and the 
download memory 167. 

[0915] The CA module 311 communicates with the 
15 service provider 31 0 via a network, such as a public line. 
The SAM 305i communicates with the EMD service 
center 302 via a network, such as a public line. As the 
download memory 167, a Memory Stick provided with 
the medium SAM 167a or a hard disk drive (HDD) may 
20 be used. The download memory 1 67 stores the secure 
container 304 downloaded from the service provider 
310. 

[091 6] Each device integrates a plurality of AA/ com- 
pression/decompression SAMS 163 compatible with 
25 various compression/decompression methods, such as 
ATRAC3 and MPEG. 

[0917] The SAM 305^ is able to communicate with the 
contact-type or non-contact-type IC card 1141. The IC 
card 1141 stores various types of data, such as a user 
30 ID, and is used for performing user authentication in the 
SAM305i. 

[0918] The A/V machine 36O2 is, for example, a stor- 
age device, and after perfomning predetemnined 
processing between the SAMs 305^ and 3052, the se- 
35 cure container received from the network device 3601 
via the IEEE-1394 serial bus 191 is recorded on the re- 
cording medium 130. 

[0919] Likewise, the AA/ machine 36O3 is, for exam- 
ple, a storage device, and after perfonning predeter- 
40 mined processing between the SAMs 3052 and 3053, 
the secure container received from the AA/ machine 
36O2 via the IEEE-1394 serial bus 191 Is recorded on 
the recording medium 130. 

[0920] In the example shown in, Fig. 101 . the medium 
45 SAM 1 33 is loaded on the recording medium 130. How- 
ever, if the medium SAM 1 33 is not provided for the re- 
cording medium 130, mutual authentication between 
the SAMs 3052 and 3063 is performed by using the me- 
dium drive SAM 260 indicated by a one-dot chain rec- 
50 tangle in Fig. 101. 

[0921] The overall operation of the EMD system 300 
shown In Fig. 82 is described below with reference to 
Figs. 102 and 103. 

[0922] In this case, the secure container 304 is sent 
55 online from the service provider 310 to the user home 
network 303 by way of example. The processing shown 
in Figs 102 and 103 is executed, assuming that the reg- 
istration of the content provider 301 , the service provider 
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310, and the SAMs 305^ through 3054 in the EMD serv- 
ice center 302 is completed. 

[0923] Referring to Fig. 102, in step S21, the EIVID 
service center 302 sends to the content provider 301 the 
public key certificate CERcp of the public key data K^pp 5 
of the content provider 301 together with the signature 
data SIG^^sc service center 302. 

[0924] The EMD service center 302 also sends to the 
service provider 31 0 the public key certificate CERgp of 
the public key data Kgpp of the service provider 31 0 to- io 
gether with the signature data SIGg-j esc^^ ^^D 
service center 302. 

[0925] The EMD service center 302 also sends the 
license key data KD^ through KD3 for three months, 
each having a one-month effective period, to the SAMs *5 
305^ through 3054 of the user home netwprk 303. 
[0926] In step 522, after performing mutual authenti- 
cation, the content provider 301 authorizes the UCP da- 
ta 105 and the conlenL key data Kc by registering them 
in the EMD service center 302. The EMD service center 
302 creates the key file KF for six months shown in Fig. 
3B. and sends it to the content provider 301 . 
[0927] Then, in step S23, the content jDrovider 301 
creates the content file CF and the signature data 
SIGg CP shown in Fig. 3A, and the key file KF and the 
signature data SlGy cp shown in Fig. 3B, and provides 
the secure container 104 in which the above-described 
files and signature data, and the public-key certificate 
data CERqp and the signature data SIG^ are stored 
to the service provider 310 online and/or offline. 
[0928] In step S24, after checking the signature data 
SIG 

1 ESC shown in Fig. 3C, the service provider 31 0 ver- 
ifies the integrity of the signature data SIGgcp 
SIG7 QP shown in Figs. 3A and 3B, respectively, by using 
the public key data K^pp stored in the public-key certif- 
icate data CERcp, thereby verifying that the secure con- 
tainer 1 04 has been sent from the legal content provider 
301 . 

[0929] Subsequently, in step S25, the service provid- 
er 31 0 creates the price tag data 31 2 and the signature 
data SIG64SP so as to generate the secure container 
304 shown in Fig. 87 in which the above-described data 
is stored. 

[0930] In step S26, the service provider 31 0 authoriz- 
es the price tag data 312 by registering it in the EMD 

service center 302. 

[0931 ] In step 827. the service provider 31 0 sends the 
secure container 304 created in step S25 to the decod- 
ing module 905 of the network device 360^ shown in Fig. 
89 online or offline in response to, for example, a request 
from the OA module 311 of the user home network 303. 
[0932] Then, in step S28, the CA module 311 creates 
the SP purchase log data 309 and approp'riately sends 
it to the service provider 31 0. 

[0933] Referring to Fig. 103, in step 829, after verify- 
ing the integrity of the signature data SlGg^ ^sc shown 
in Fig. 84D, one of the SAMs 305^ through 3054 verifies 
the integrity of the signature data SIGg2,sp> S^^63.SP' 



and SIGe4 SP shown in Figs. 84A, 848, and 84C, respec- 
tively, by using the public key data Ksp,p stored in the 
public-key certificate data CERsp, thereby determining 
whether the predetennined data within the secure con- 
tainer 304 has been created and sent by the legal serv- 
ice provider 31 0. 

[0934] Thereafter, in step 830, after verifying the in- 
tegrity of the signature data SIG^^sc^^^w^ ''^ ^i9- 
one of the SAMs 305^ through 3054 verifies the integrity 
of the signature data SIGg Qp and SIG7 Qp shown. In 
Figs. 84A and 84B, respectively, by using the public key 
data Kcp p stored in the public-key certificate data CER- 
QP thereby determining whetherthe content file CF with- 
in the secure container 304 has been created by the le- 
gal content provider 301 , and whether the key file KF 
has been sent from the legal content provider 301 . 
[0935] Additionally, one of the SAMs 305^ through 
3064 verifies the integrity of the signature data 
SIGK. 

ESC within the key file KF shown in Fig. 84B by 
using the public key data Kesc,p« thereby determining 
whether the key file KF has been created by the legal 
EMD service center 302. 

[0936] In step S31 , the user determines the purchase 
and usage modes of the content by operating the oper- 
ation unit 165 shown in Fig. 88. 

[0937] In step S32, in the SAMs 305^ through 3064, 
the usage log data 308 of the secure container 304 is 

generated based on the internal Interrupt SB10 output 
from the host CPU 81 0 to the SAMs 305., through 3054 
in step S31. 

[0938] The usage log data 308 and the signature data 
S1G205,SAM1 sent from the SAMs 305^ through 3064 
to the EMD service center 302. The DCS data 166 is 
also sent from the SAMs 305^ through 306410 the EMD 
service center 302 in real time every time the purchase 
mode is determined. 

[0939] In step 833, the EMD service center 302 de- 
termines (calculates) the accounting content for each of 
the content provider 301 and the service provider 310 
based on the usage log data 308, and creates the set- 
tlement request data 152c and 152s based on the ac- 
counting content. 

[0940] Subsequently in step S34, the EMD service 
center 302 sends the settlement request data 152c and 
152s together with signature data of the EMD service 
center302to the settlement organization 91 via the pay- 
ment gateway 90. Accordingly, the payment made by 
the user of the user home network 303 is distributed to 
the content provider 301 , the content rights holders, the 
service provider 310, and the sen/ice-provider rights 
holders. 

[0941] As described above, in the EMD system 300, 
the secure container 104 shown in Figs. 3A through 3C 
is distributed from the content provider 301 to the serv- 
ice provider 31 0, and the secure container 304 in which 
the content file CF and the key file KF of the secure con- 
tainer 104 are stored is sent from the service provider 
310 to the user home network 303. The processing for 
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the key file KF is executed in the SAMs 305^ through 
3054. 

[0942] The content key data Kc and the UCP data 1 06 
stored in the key file KF are encrypted with the license 
key data KD^ through KD3. and is decrypted only in the 
SAMs 305-, through SOS^ which hold the license key da- 
ta KDi through KD3. The SAMs 305^ through 3064 are 
tamper-resistant modules, which determine the pur- 
chase and usage modes of the content data C based on 
the handling policy of the content data C described in 
the UCP data 106. 

[0943] Consequently, according to the EMD system 
300, the content data C in the user home network 303 
can' be reliably purchased and utilized based on the 
UCP data 106 created by the content provider 301 or a 
content-provider related organization, independent of 
the processing in the setvice provider 310. That is, in 
the EMD system 300, the UCP data 106 cannot be man- 
aged by the service provider 310. 
[0944] Thus, in the EMD system 300, even when the 
content data C Is distributed to the user home network 
303 via a plurality of different service providers 310, 
rights processing for the content data C in the SAM of 
the user home network 303 can be performed based on 
the common UCP data 1 06 created by the content pro- 
vider 301 or the content-provider related organization. 
[0945] In the EMD system 300, the files and data with- 
in the secure containers 104 and 304 are provided with 
signature data, which verifies the creators and the send- 
ers of the files and data. It is thus possible for the service 
provider310 and the SAMs 305^ through 3054 to check 
the integrity of the files and data, and the Integrity of the 
creators and the senders thereof, thereby effectively 
preventing the illegal use of the content data C. 
[0946] In the EMD system 300, the secure container 
304 is used for distributing the content data C from the 
service provider 31 0 to the user home network 303 re- 
gardless of whether it is sent online or offline. This en- 
ables the SAMs 105i through 1064 of the user home 
• network 303 to perform the same rights processing re- 
gardless of whether the secure container 304 is sent on- 
line or offline. 

[0947] In purchasing, utilizing, recording, and trans- 
ferhng the content data C in the network device 360i 
and the AA/ machines 36O2 through 36O4 within the user 
home network 303, processing is always executed 
based on the UCP data 106. Thus, rights processing 
rules in common to the whole user home network 303 
can be established, 

[0948] For example, as shown in Fig. 1 04, the content 
data C provided from the content provider 301 may be 
distributed from the service provider 310 to the user 
home network 303 by any method (path), such as pack- 
age distribution, a digital broadcast, the Internet, a ded- 
icated line, a digital radio, or a mobile communication. 
Even if any one of the above-described methods is 
used, the commori rights processing rules can be em- 
ployed In SAMs in the user home networks 303 and 



303a based on the UC P data 1 06 created by the content 
provider 301 . 

[0949] According to the EMD system 300. the EMD 
sen/ice center 302 has an authentication function, a key- 
5 data management function, and a rights processing 
(profits distribution) function. Thus, the payment made 
by the user is reliably distributed to the content provider 
301 and the EMD service center 302 according to pre- 
detemnined ratios. 
10 [0950] Also, the UCP data 1 06 of the same content 
file CF supplied from the same content provider 301 is 
supplied to the SAMs 305^ through 3064, independent 
of the services of the service provider 31 0. Accordingly, 
the content file CF can be utilized in the SAMs 305i 
15 through 3054 based on the UCP data 1 06 at the discre- 
tion of the content provider 301 . 
[0951] That is, according to the EMD system 300, in 
providing services of the content or utilizing the content 
by the user, the rights and profits of the content provider 
20 301 can be reliably protected according to technical 
means without depending on an auditor organization 
725, which is conventionally required. 
[0952] The distribution protocols for, for example, the 
secure container, employed in the EMD system 300 of 
25 the second embodiment are as follows. 

[0953] The secure container 1 04 created in the con- 
tent provider 301 is distributed to the service provider 
310. as shown in Fig. 1 05, by using content-provider dis- 
tribution protocols, such as the Internet (TCP/IP) or a 
30 dedicated line (ATM Cell). 

[0954] The service provider 310 then distributes the 
secure container 1 04 created from the secure container 
1 04 to the user home network 303 by using service-pro- 
vider distribution protocols, such as a digital broadcast 
35 (XMLVSMIL on MPEG-TS) the internet (XML/SMIL on 
TCP/IP), or package distribution (recording medium). 
[0955] Within the user home network 303 or 303a, or 
between the user home networks 303 and 303a, or be- 
tween the SAMs, the secure container is transferred by 
40 using a home electric commerce (EC)/distribution serv- 
ices (XMUSMIL on a 1394-serial bus interface) or a re- 
cording medium. 

[0956] While the present invention has been de- 
scribed with reference to what are presently considered 
45 to be the jireferred embodiments, it is to be understood 
that the invention Is not limited to the disclosed embod- 
iments. 

[0957] For example, although in the foregoing embod- 
iments the key file KF is created in the EMD service cent- 
50 er 1 02 or 302, it may be created in the content provider 
101 or301. 

[0958] As is seen from the foregoing description, the 
data processing apparatus of the present invention of- 
fers the following advantages. Rights processing for the 
55 content data can be performed based on UCP data in- 
dicating the handling of the content data in a secure en- 
vironment. As a result, if the UCP data is created by a 
content provider, profits of the content data can be suit- 
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ably protected, and also, a load for monitoring by the 
content provider can be reduced. 
[0959] In so far as the ennbodlments of the invention 
described above are implemented, at least in part, using 
software-controlled data processing apparatus, it will be 5 
appreciated that a computer program providing such 
software control and a storage medium by which such 
a computer program is stored are envisaged as aspects 
of the present invention. , 



Claims 

•1. A data processing apparatus for perfonning rights 
processing of content data encrypted with content i5 
key data based on usage control policy data, and 
for decrypting the encrypted content key data, said 
data processing apparatus comprising within a 
tamper-resistanl circuit module: 

20 

a first bus; 

an arithmetic processing circuit connected to 
said first bus, for performing the rights process- 
ing of the content data based on the usage con- 
trol policy data; 25 
a storage circuit connected to said first bus; 
a second bus; * 
a first interface circuit interposed 'between said 
first bus and said second bus; 
an encryption processing circuit connected to 30 
said second bus, for decrypting the content key 
data; and 

an external bus interface circuit connected to 
said second bus. 

35 

2. A data processing apparatus according to claim 1 , 
further comprising a second Interface circuit within 
said tamper-resistant circuit module,' wherein said 
first bus comprises a third bus connected to said 
arithmetic processing circuit and said storage cir- 40 
cuit, and a fourth bus connected to said first inter- 
face circuit, and said second interface circuit is in- 
terposed between said third bus and said fourth 
bus. 

45 

3. A data processing apparatus according to claim 2, 
further comprising within said lamper-resistant cir- 
cuit module: 

a fifth bus; [ so 

a third interface circuit connected to said fifth 
bus, for performing communication with a data 
processing circuit having an authentication 
function which is loaded on one of a recording 
medium and an integrated circuit card; and 55 
a fourth interface circuit interpdjsed between 
said fourth bus and said fifth bus; 



4. A data processing apparatus according to claim 1 , 
wherein said encryption processing circuit compris- 
es a public-key encryption circuit and a common- 
key encryption circuit. 

5. A data processing apparatus according to claim 4, 
wherein: 

said storage circuit stores private key data of 
said data processing apparatus and public key 
data of a second data processing apparatus; 
said public-key encryption circuit verifies the in- 
tegrity of signature data, which verifies the in- 
tegrity of the content data, the content key data, 
and the usage control policy data, by using the 
corresponding public key data, and when re- 
cording the content data, the content key data, 
and the usage control policy data on a record- 
ing medium or when sending them to said sec- 
ond data processing apparatus, said public-key 
encryption circuit creates signature data, which 
verifies the integrity of the content data, the 
content key data, and the usage control policy 
data, by using the private key data; and 
said common-key encryption circuit decrypts 
the content key data, and when sending the 
content data, the content key data, and the us- 
age control policy data to said second data 
processing apparatus online, said common- 
key encryption circuit encrypts and decrypts the 
content data, the content key data, and the us- 
age control policy data by using session key da- 
ta obtained by performing mutual authentica- 
tion with said second data processing appara- 
tus. 

6. A data processing apparatus according to claim 5, 
further comprising a hash-value generating circuit 
within said tamper-resistant circuit module, for gen- 
erating hash values of the content data, the content 
key data and the usage control policy data, wherein 
said public-key encryption circuit verifies the integ- 
rity of the signature data and creates the signature 
data by using the hash values. 

7. A data processing apparatus according to claim 1 , 
further comprising a random-number generating 
circuit within said tamper-resistant circuit module, 
said random-number generating circuit being con- 
nected to said second bus, for generating a random 
number for performing mutual authentication with 
said second data processing apparatus when send- 
ing the content data, the content key data, and the 
usage control policy data to said second data 
processing apparatus online. 

8. A data processing apparatus according to claim 1 , 
wherein said external bus interface circuit is con- 
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nected to an external storage circuit for storing at 
least one of the content data, the content key data, 
and the usage control policy data. 

9. A data processing apparatus according to claim 8, 
further comprising a storage-circuit control circuit 
for controlling access to said storage circuit and ac- 
cess tosaid external storage circuit via said external 
bus interface circuit in accordance with a command 
from said arithmetic processing circuit. 

10. A data processing apparatus according to claim 1, 
wherein said external bus interface circuit is con- 
nected to a host arithmetic processing apparatus for 
centrally controlling a system on which said data 
processing apparatus is loaded. 

11. A data processing apparatus according to claim 8, 
further comprising a storage management circuit for 
managing an address space of said storage circuit 
and an address space of said external storage clr- 
cuit- 

12. A data processing apparatus according to claim 1, 
wherein said arithmetic processing circuit deter- 
mines at least one of a purchase mode and a usage 
mode of the content data based on a handling policy 
Indicated by the usage control policy data, and cre- 
ates log data indicating a result of the determined 
mode. 

13. A data processing apparatus according to claim 12, 
wherein, after determining the purchase mode, said 
arithmetic processing circuit creates usage control 
status data in accordance with the determined pur- 
chase mode, and controls the use of the content da- 
ta based on the usage control status data. 

14. A data processing apparatus according to claim 4, 
wherein, in recording the content data, for which the 
purchase mode is determined, on a recording me- 
dium, said common-key encryption circuit encrypts 
the content key data and the usage control status 
data by using medium key data corresponding to 
said recording medium. 

15. A data processing apparatus according to claim 4, 
wherein, when the content key data is encrypted 
with license key data having an effective period, 
said storage circuit stores the license key data, said 
data processing apparatus further comprises a real 
time clock for generating real time, said arithmetic 
processing circuit reads the effective license key 
data from said storage circuit based on the real time 
indicated by said real time clock, and said common- 
key encryption circuit decrypts the content key data 
by using the read license key data. 



• 16. A data processing apparatus according to claim 1 , 
wherein said storage circuit writes and erases data 
in units of blocks, and said data processing appa- 
ratus comprises within said tamper-resistant circuit 
5 module, a write-lock control circuit for controlling the 
writing and erasing of the data into and from said 
storagelcircult in units of blocks under the control of 
said arithmetic processing circuit. 

10 17. A data processing apparatus for performing rights 
processing of content data encrypted with content 
key datk based on usage control policy data, and 
for decrypting the encrypted content key data, said 
data processing apparatus comprising within a 
15 tamper^reslstant circuit module: 

a first bus; 

an ;arithmetic processing circuit connected to 
said first bus, for performing the rights process- 
20 ing of the content data based on the usage con- 

trot policy data; 

a storage circuit connected to said first bus; 
a second bus; 

an interface circuit interposed between said 
25 first bus and said second bus; 

an encryption processing circuit connected to 
said second bus, for decrypting the content key 

data; and 

an external bus Interface circuit connected to 
30 said second bus, 

wherein, upon receiving an interrupt from an 
extemal circuit via said externa! bus interface 
circuit, said arithmetic processing circuit be- 
comes a slave for said external circuit so as to 
35 perform processing designated by the Interrupt, 

and reports a result of the processing to said 
external circuit. 



18. A data processing apparatus according to claim 17, 
40 whereih said arithmetic processing circuit reports 

the result of the processing by outputting an inter- 
rupt to ^said external circuit. 

19. A data processing apparatus according to claim 17, 
45 wherein said external bus interface comprises a 

common memory for said arithmetic processing cir- 
cuit arid said external circuit, and said arithmetic 
processing circuit writes the result of the processing 
into said common memory, and said external circuit 
50 obtains the result of the processing by polling. 

20. A data processing apparatus according to claim 19, 
wherein said external bus interface comprises: 

55 a first status register indicating an execution 

status of the processing requested from said 
external circuit in said arithmetic processing cir- 
cuit, and including a flag set by said arithmetic 
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processing circuit and read by said external cir- 
cuit; 

a second status register indicating whether said 
external circuit has requested said arithmetic 
processing circuit to perfornn processing, and 
including a flag set by said external circuit and 
read by said arithmetic processing circuit; and 
said common memory for storing a result of the 
processing. 

21 . A data processing apparatus according to claim 1 8, 
wherein said storage circuit stores an Interrupt pro- 
gram describing the processing designated by the 
Interrupt, and said arithmetic processing circuit per- 
forms the processing by executing the interrupt pro- 
gram read from said storage circuit. 

22. A data processing apparatus according to claim 21 , 
wherein said storage circuit stores a plurality of said 
interrupt programs, and a plurality of sub-routines 
to be read when executing the interrupt program, 
and said arithmetic processing circuit appropriately 
reads and executes the sub-routines from said stor- 
age circuit when executing the interrupt program 
read from said storage circuit. 

23. A data processing system comprising: 

an arithmetic processing apparatus, for execut- 
ing a predetemiined program and foroutputting 
an interrtipt according to a predetemiined con- 
dition by serving as a master; and 
a data processing apparatus, for performing 
predetermined processing in response to the 
interrupt from said arithmetic processing appa- 
ratus by serving as a slave for said arithmetic 
processing apparatus, and for reporting a result 
of the processing to said arithmetic processing 
apparatus, said data processing apparatus 
comprising within a tamper-resistant circuit 
module: 

determining means for determining at least one 
of a purchase mode and a usage mode of con- 
tent data based on a handling policy indicated 
by usage control policy . data; 
log data generating means for generating log 
data indicating a result of the determined mode; 
and 

decrypting means for decrypting the content 
key data. 

24. A data processing system according to claim 23, 
wherein, upon receiving the interrupt Indicating an 
interrupt type, said arithmetic processing apparatus 
outputs to said data processing apparatus an inter- 
rupt indicating an instruction to execute an inten-upt 
routine corresponding to the interrupt type, and said 
data processing apparatus executes the inten^upt 



routine corresponding to the interrupt type of the in- 
terrupt received from said arithmetic processing ap- 
paratus. 

5 25. A data processing system according to claim 23, 
wherein said data processing apparatus reports a 
result of the processing by outputting an interrupt to 
said arithmetic processing apparatus. 

10 26. A data processing system according to claim 23, 
wherein said data processing apparatus comprises 
a common memory which is accessible by said data 
processing apparatus and said arithmetic process- 
ing apparatus, and said arithmetic processing ap- 

15 paratus obtains the result of the processing by ac- 
cessing said common memory through polling. 

27. A data processing system according to claim 26, 
wherein said data processing apparatus comprises 

20 a first status register indicating an execution status 
of the processing requested from said arithmetic 
processing apparatus, and including a flag read by 
said arithmetic processing apparatus; 

25 a second status register indicating whether said 

arithmetic processing apparatus has requested 
said data processing apparatus to perform 
processing by the interrupt, and including a flag 
set by said arithmetic processing apparatus; 
30 and 

said common memory for storing a result of the 
processing. 

28. A data processing system according to claim 23, 
35 further comprising a bus for connecting said arith- 
metic processing apparatus and said data process- 
ing apparatus. 

29. A data processing system according to claim 24, 
40 wherein said data processing apparatus enters a 

low power state after completing the execution of 
one of an initial program and the interrupt routine. 

30. A data processing system according to claim 24, 
45 wherein, based on the interrupt received from said 

arithmetic processing apparatus, said data 
processing apparatus executes the interrupt routine 
in accordance with at least one of processing for 
determining one of the purchase mode and the us- 
50 age mode of the content data, processing for repro- 
ducing the content data, and processing for down- 
loading the data from a certifying authority. 

31. A data processing system according to claim 23, 
55 wherein said arithmetic processing apparatus exe- 
cutes a predetermined user program. 

32. A data processing system in which content data 
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provided by a data providing apparatus is received 
from a data distribution apparatus, and is managed 
by a management apparatus, said data processing 
system comprising: ^ 

a first processing module for receiving from 
said data distribution apparatus a module in 
which content data encrypted with content key 
data, the encrypted content key data, usage 
control policy data Indicating a handling policy 
of the content data, and price data for the con- 
tent data detemiined by said data distribution 
apparatus are stored, and for decrypting the re- 
ceived module by using common key data, and 
for performing accounting processing for a dis- * 
tribution service of the module by said data dis- 
tribution apparatus; 

an arithmetic processing apparatus for execut- 
ing a predetennined program and for outpulling 
an interrupt according to a predetemriined con- ^ 
ditlon by serving as a master; and 
a data processing apparatus for performing 
predetemriined processing in response to the 
interrupt from said arithmetic processing appa- 
ratus by serving as a slave for said arithmetic - 
processing apparatus, and for reporting a result 
of the processing to said arithmetic processing 
apparatus, said data processing apparatus 
comprising within a tamper-resistant circuit 
module: 

determining means for determining at least 
one of a purchase mode and a usage mode 
of the content data based on the handling 
policy indicated by the usage control policy 
data stored In the received module; 
log data generating means for generating 
log data indicating a result of the deter- 
mined mode; 

output means for outputting the price data 
and the log data to said management ap- 
paratus when the purchase mode of the 
content data is determined; and 
decrypting means for decrypting the con- 
tent key data. 

33. A data processing system comprising: 

an arithmetic processing apparatus for execut- 
ing a predetemriined program and for outputting 
an interrupt according to a predetennined con- 
dition by serving as a master; 
a first tamper-resistant data processing appa- 
ratus for perfomiing rights processing of con- 
tent data encrypted with content key data in re- 
sponse to the interrupt from said arithmetic 
processing apparatus by serving as a slave for 
said arithmetic processing apparatus, and for 



reporting a result of the processing to said arith- 
metic processing apparatus; and 
a second tamper-resistant data processing ap- 
paratus for decrypting the content data by using 
the content key data obtained by perfonning 
mutual authentication with said first tamper- re- 
sisWnt data processing apparatus and for com- 
pressing or decompressing the content data in 
response to the interrupt from said arithmetic 
processing apparatus or said first tamper-re- 
sistant data processing apparatus by serving 
as a slave for said arithmetic processing appa- 
ratus or said first tamper-resistant data 
processing apparatus. 

34. A data processing system according to claim 33, 
further comprising a bus for connecting said arith- 
metic processing apparatus, said first tamper-re- 
sistantldata processing apparatus, and said second 
tampei'-resistant data processing apparatus. 

35. A data processing system comprising: 

an arithmetic processing apparatus for execut- 
ing a predetermined program' and for outputting 
an interrupt according to a predetermined con- 
dition by serving as a master; 
a first tamper-resistant data processing appa- 
ratus for performing rights processing of con- 
tent data encrypted with content key data in re- 
sponse to the interrupt from said arithmetic 
processing apparatus by serving as a slave for 
said arithmetic processing apparatus, and for 
reporting a result of the processing to said arith- 
metic processing apparatus; and 
a second tamper-resistant data processing ap- 
paratus for perfomning mutual authentication 
with said arithmetic processing apparatus and 
for reading and writing the content data from 
and into a recording medium in response to the 
interrupt output from said arithmetic processing 
apparatus. 

36. A data processing system according to claim 35, 
wherein said second tamper-resistant processing 
apparatus decrypts and encrypts the content data 
by using medium key data corresponding to said re- 
cordlnig medium. 

37. A data processing system according to claim 35, 
wherein, when said recording medium is provided 
with a processing circuit having a mutual authenti- 
catiori function, said second tamper-resistant 
processing apparatus performs mutual authentica- 
tion vyith said processing circuit. 

38. A data processing system comprising: 
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an arithmetic processing apparatus for execut- 
ing a predetermined program andforoutputting 
an interrupt according to a predetemfiined con- 
dition by serving as a master; 
a first tamper-resistant data processing appa- 
ratus for performing mutual authentication with 
said arithmetic processing apparatus and for 
reading and writing content data from and into 
a recording medium inxesponse to the inten'upt 
from said arithmetic processing apparatus; and 
a second tamper-resistant data processing ap- 
paratus for decrypting the content data by using 
content l<ey data and for compressing or de- 
compressing the content data in response to 
the interrupt from said arithmetic processing 
apparatus by serving as a slave for said arith- 
metic processing apparatus. 

39. A data processing system according to claim 38, 
further comprising a storage circuit for temporarily 
storing the content data read from said recording 
medium by said first tamper-resistant data process- 
ing apparatus, and for outputting the stored content 
data to said second tamper- resistant data process- 
ing apparatus. 

40. A data processing system according to claim 39, 
wherein said storage circuit utilizes part of a storage 
area of an anti-vibration storage circuit. 

41. A data processing system according to claim 38, 
further comprising a third tamper-resistant data 
processing apparatus for perfomning rights 
processing of the content data encrypted with the 
content key data In response to the Interrupt from 
said arithmetic processing apparatus by serving as 
a slave for said arithmetic processing apparatus, 
and for reporting a result of the processing to said 
arithmetic processing apparatus. 

42. A data processing method using an arithmetic 
processing apparatus and a data processing appa- 
ratus, said data processing method comprising the 
steps of: 

executing, In said arithmetic processing appa- 
ratus, a predetemnined program and outputting 
an interrupt according to a predetermined con- 
dition by serving as a master; and 
determining, in said data processing appara- 
tus, at least one of a purchase mode and a us- 
age mode of content data based on a handling 
policy of usage control policy data, creating log 
data indicating a result of the determined mode, 
and decrypting content key data, within a 
tamper- resistant circuit module in' response to 
the intenrupt from said arithmetic processing 
apparatus by serving as a slave for said arith- 



metic processing apparatus. 

43. A data processing method according to claim 42, 
wherein, upon receiving the Interrupt indicating an 

5 interrupt type, said arithmetic processing apparatus 

outputs to said data processing apparatus an inter- 
rupt Indicating an Instruction to execute an Interrupt 
routine corresponding to the interrupt type, and said 
data processing apparatus executes the interrupt 

10 routine corresponding to the processing designated 
by the interrupt received from said arithmetic 
processing apparatus. 

44. A data processing method according to claim 42, 
^5 wherein said data processing apparatus reports the 

result of the processing by outputting an interrupt to 
said arithmetic processing apparatus. 

45. A data processing method according to claim 42, 
20 wherein said data processing apparatus comprises 

a common memory which is accessible by said data 
processing apparatus and said arithmetic process- 
ing apparatus, and said arithmetic processing ap- 
paratus obtains the result of the processing by ac- 
25 cessing said common memory through polling. 

46. A data processing method according to claim 45, 
wherein: 

30 said data processing apparatus sets a flag in a 

first status register indicating an execution sta- 
tus of the processing requested by the interrupt 
from said arithmetic processing apparatus; 
said arithmetic processing apparatus reads the 

35 execution status of the processing of said data 

processing apparatus from the flag In said first 
status register; 

said arithmetic processing apparatus sets a 
flag in a second status register indicating 
^0 whether said arithmetic processing apparatus 

has requested said data processing apparatus 
to perform the processing through the interrupt; 
and 

said data processing apparatus detemiines 
45 whether said arithmetic processing apparatus 

has requested said data processing apparatus 
to perform the processing from the flag in said 
second status register 

so 47, A data processing method according to claim 42, 
wherein said data processing apparatus enters a 
low power state upon completion of the execution 
of one of an Initial program and the interrupt routine. 

55 48. A data processing method according to claim 42, 
wherein, based on the interrupt received from said 
arithmetic processing apparatus, said data 
processing apparatus executes the Interrupt routine 



BNSOOCID: <EP 1 130492A2J_> 



121 



EP 1 130 492 A2 



122 



in accordance with at least one of processing for 
determining one of the purchase mode and the us- 
age mode of the content data, processing for repro- 
ducing the content data, and processing for down- 
loading the data from a certifying authority. 

49. A data processing method according to claim 42, 
wherein said arithmetic processing apparatus exe- 
cutes a predetermined user program. 



10 



50. 



A data processing method using an arithmetic 
processing apparatus, afirstdata processing appa- 
ratus, and a second data processing apparatus, 
said data processing method comprising the steps 
of: 

executing, in said arithmetic processing appa- 
ratus, a predetemnined program and outputting 
an interrupt according to a predetermined con- 
dition by serving as a master; 
performing, in said first data processing appa- 
ratus, rights processing of content data en- 
crypted with content key data within a tamper- 
resistant module in response to the inten-upt 
from said arithmetic processing apparatus by 
serving as a slave for said arithmetic process- 
ing apparatus, and reporting a result of the 
processing to said arithmetic processing appa- 
ratus; and 

decrypting, in said second data processing ap- 
paratus, the content data by using the content 
key data obtained by performing mutual au- 
thentication with said first data processing ap- 
paratus and compressing or decompressing 
the content data within a tamper-resistant mod- 
ule in response to the interrupt from said arith- 
metic processing apparatus or said first data 
processing apparatus by serving as a slave for 
said arithmetic processing apparatus or said 
first data processing apparatus. 

51. A data processing method using an arithmetic 
processing apparatus, afirstdata processing appa- 
ratus, and a second data processing apparatus, 
said data processing method comprising the steps 
of: 



IS 



20 



processing to said arithmetic processing appa- 
ratus; and 

performing, in said second data processing ap- 
paratus, mutual authentication with said arith- 
metic processing apparatus, and reading and 
writing the content data from and into a record- 
ing medium within a tamper-resistant module 
in response to the interrupt from said arithmetic 
processing apparatus. 

52. A data; processing method according to claim 51 , 
wherein said second data processing apparatus de- 
crypts and encrypts the content data by using me- 
dium key data corresponding to said recording me- 
dium. • 

53. A data processing method according to claim 51 , 
wherein, when said recording medium is provided 
with a processing circuit having a mutual authenti- 
cation function, said second data processing appa- 
ratus performs mutual authentication with said 
processing circuit. 



executing, in said arithmetic processing appa- 
ratus, a predetermined program and outputting 
an interrupt according to a predetennined con- 
dition by serving as a master; 
performing, in said first data processing appa- 
ratus, rights processing of content data en- 
crypted with content key data within a tamper- 
resistant module in response to the interrupt 
from said arithmetic processing apparatus by 
serving as a slave for said arithmetic process- 
ing apparatus, and reporting a result of the 



54. A data processing method using an arithmetic 
25 processing apparatus, a first data processing appa- 
ratus, and a second data processing apparatus, 
said data processing method comprising the steps 
of: 

30 executing, in said arithmetic processing appa- 

ratus, a predetermined program and outputting 
an interrupt according to a predetermined con- 
dition by serving as a master; 
performing, in said first data processing appa- 

35 ratus, mutual authentication with said aritlime- 

tic processing apparatus, and reading and writ- 
ing content data from and into a recording nrie- 
dium within a tamper-resistant module in re- 
sponse to the interrupt from said arithmetic 

40 prbcessing apparatus; and 

decrypting, in said second data processing ap- 
paratus, the content data by using content key 
data and compressing or decompressing the 
content data within a tamper-resistant module 

45 in response to the interrupt from said arithmetic 

processing apparatus by serving as a slave for 
said arithmetic processing apparatus. 

55. A data processing method according to claim 54, 
50 wherein the content data read from said recording 
medium by said first data processing apparatus is 
temporarily stored in a storage circuit, and the con- 
tent data read from said storage circuit is output to 
said second data processing apparatus. 



55 



56. A data processing method according to claim 55, 
wherein said storage circuit utilizes part of a storage 
area of an anti-vibration storage circuit. 
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